SAML SSO Set Up
Okta Identity Provider
This guide walks your Okta administrator through creating and configuring
a SAML 2.0 application integration so your organization's users can sign in to
SolidProfessor using Okta Single Sign-On.
Prepared by: SolidProfessor
Document Version: 1.0
Last Updated: February 2026
Table of Contents
- Create SAML App Integration
- Configure SAML Settings & Finish
- Attribute Statements
- Assign Users & Groups
- Send Metadata to SolidProfessor
Prerequisites
- Okta administrator access — You need admin privileges in your Okta organization to create and configure application integrations.
- SAML configuration values from SolidProfessor — Your SolidProfessor contact will provide the Single Sign-On URL and Audience URI specific to your organization.
Before you begin:
Ensure you have received the SAML configuration values from SolidProfessor before starting this setup. These values are unique to your organization and are required to complete Section 2.
Overview
The setup consists of five steps that create a trust relationship between Okta (your Identity Provider) and SolidProfessor (the Service Provider). At the end of this process, you will send SolidProfessor a metadata XML file so we can finalize the connection on our side.
1 Create SAML App Integration
In this section you will create a new SAML 2.0 application in Okta for SolidProfessor.
- Log in to the Okta Admin Console with an account that has administrator privileges.
- In the left-hand navigation menu, expand Applications and click Applications.
- Click the Create App Integration button.
- In the Create a new app integration dialog, select SAML 2.0 as the sign-in method.
- Click Next.
- On the General Settings page, enter the following:
  - App name: SolidProfessor
  - App logo: (optional) Upload the SolidProfessor logo if desired.
- Click Next to proceed to the SAML configuration page.
Note:
Unlike Microsoft Entra ID (which requires creating a Non-gallery Enterprise Application first and then enabling SAML separately), Okta lets you select SAML 2.0 as the sign-in method at creation time. This streamlines the initial setup.
2 Configure SAML Settings
You should now be on the Configure SAML tab. This is where you tell Okta how to communicate with SolidProfessor.
General
- In the Single sign-on URL field, enter the ACS (Assertion Consumer Service) URL provided by SolidProfessor:
  Value: Custom domain configured for your User Pool App Client, appended with /saml2/idpresponse
  This will be provided by SolidProfessor.
- Ensure the Use this for Recipient URL and Destination URL checkbox is checked (this is the default).
- In the Audience URI (SP Entity ID) field, enter the Entity ID provided by SolidProfessor:
  Value: URN of the user pool in AWS Cognito
  This will be provided by SolidProfessor.
- Leave Default RelayState blank.
- Set Name ID format to EmailAddress (or leave as Unspecified).
- Set Application username to Email.
Why these values matter:
The Single sign-on URL is where Okta sends the SAML assertion after a user authenticates. The Audience URI identifies the SolidProfessor service provider to Okta. Both values point to the correct AWS Cognito instance that handles your organization's authentication.
Finish Creating the Application
After entering the SAML settings on the Configure SAML page, complete the creation wizard:
- Click Next.
- On the Feedback page, select "I'm an Okta customer adding an internal app" (or the option that best describes your use case).
- Click Finish.
Checkpoint:
Your SolidProfessor SAML application has been created in Okta. You should now be on the application's
Sign On tab. The next step is to add attribute statements.
3 Attribute Statements
Attribute statements tell Okta which user profile fields to include in the SAML assertion
so SolidProfessor can identify and provision users correctly. These are configured on the
Sign On tab after the application has been created.
- On the Sign On tab, scroll down to the Attribute statements section.
- Click Add expression.
- Add each of the attribute mappings listed below. For each one, enter the Name and the Value (Okta expression), then save.
Required Attribute Mappings
Add each of the following attribute statements using the Add expression button.
| Name | Value (Okta Expression) |
| --- | --- |
| email | user.email |
| firstName | user.firstName |
| lastName | user.lastName |
| address | user.streetAddress |
| city | user.city |
| state | user.state |
| postalCode | user.zipCode |
| country | user.countryCode |
| phoneNumber | user.primaryPhone |
Tip:
The Name column values must match exactly as shown (they are case-sensitive). The Value column
uses Okta's expression language to reference standard user profile fields.
Legacy UI:
If you see a "Show legacy configuration" option in the Attribute statements section, you do not need to expand it.
Use the Add expression button to add each mapping above.
4 Assign Users & Groups
Before users can sign in via SSO, they must be assigned to the SolidProfessor application in Okta.
You can assign individual users or entire groups.
Option A: Assign Individual Users
- Navigate to the Assignments tab of your SolidProfessor application.
- Click the Assign button and select Assign to People.
- Search for and select each user who should have SSO access to SolidProfessor.
- Click Assign next to each selected user, then click Done.
Option B: Assign a Group
- On the same Assignments tab, click Assign and select Assign to Groups.
- Select the Okta group(s) whose members should have SSO access.
- Click Assign next to the group, then click Done.
Important:
Only users who are assigned to this application (directly or via a group) will be able to use SSO to access SolidProfessor.
If a user is not assigned, they will receive an error when attempting to sign in.
5 Send Metadata to SolidProfessor
SolidProfessor needs your Identity Provider (IdP) metadata to complete the SSO configuration on our side.
This metadata contains your Okta SSO endpoint, signing certificate, and entity ID.
- In the SolidProfessor application, navigate to the Sign On tab.
- In the SAML 2.0 section, locate the Metadata details area.
- You will see a Metadata URL; click Copy to copy it to your clipboard.
- Send this Metadata URL to your SolidProfessor contact.
Alternative:
If you prefer to send a file instead of a URL, open the Metadata URL in your browser, then right-click the page and select
Save As… to download it as metadata.xml.
That's it!
Once SolidProfessor receives your metadata URL (or XML file), we will complete the configuration on our side and notify
you when SSO is ready for testing.
Summary
Here is a quick reference of everything configured in this guide:
| Setting | Value |
| --- | --- |
| App Name | SolidProfessor |
| Sign-in Method | SAML 2.0 |
| Single sign-on URL | Provided by SolidProfessor |
| Audience URI (SP Entity ID) | Provided by SolidProfessor |
| Name ID Format | EmailAddress |
| Application Username | Email |
| Attribute Statements | 9 attributes (see Section 3) |
Troubleshooting
Users cannot sign in
- Verify the user is assigned to the SolidProfessor app (Section 4).
- Ensure the user's Okta profile has a valid email address.
SAML assertion errors
- Double-check the Single sign-on URL and Audience URI — they must match the values provided by SolidProfessor exactly.
- Confirm all attribute statement names are spelled correctly, including letter case; the names are case-sensitive (e.g., firstName, not firstname).
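To run these checks against an assertion captured from a failed sign-in, the following added example (not SolidProfessor or Okta code) compares the Recipient, Audience and attribute names with the expected values. The ACS URL, Audience URN and sample assertion are constructed placeholders, and the script only inspects fields; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The nine case-sensitive attribute names from Section 3.
REQUIRED = ["email", "firstName", "lastName", "address", "city",
            "state", "postalCode", "country", "phoneNumber"]
# Placeholders (assumptions): substitute the values SolidProfessor gave you.
EXPECTED_ACS = "https://sso.example.test/saml2/idpresponse"
EXPECTED_AUDIENCE = "urn:amazon:cognito:sp:us-east-1_EXAMPLE"

# Constructed sample with two typical mistakes: a trailing slash on the
# Recipient and "firstname" sent in the wrong case.
SENT = ["firstname" if n == "firstName" else n for n in REQUIRED]
ATTRS = "".join(f'<saml:Attribute Name="{n}"/>' for n in SENT)
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="{EXPECTED_ACS}/"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>{ATTRS}</saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, acs=EXPECTED_ACS, audience=EXPECTED_AUDIENCE):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    problems = []
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != acs:  # must match exactly, character for character
        problems.append(f"Recipient {recipient!r} != Single sign-on URL {acs!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append(f"Audience {audiences} lacks SP Entity ID {audience!r}")
    sent = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    for name in REQUIRED:
        if name not in sent:
            near = [s for s in sent if s.lower() == name.lower()]
            hint = f" (sent as {near[0]!r}, wrong case)" if near else ""
            problems.append(f"missing attribute {name!r}{hint}")
    return problems


if __name__ == "__main__":
    for problem in check_assertion(SAMPLE):
        print(problem)
```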
Need help?
Contact your SolidProfessor account representative for assistance with SSO configuration.