Configure Ogadu SSO with Okta

This guide walks you through setting up SAML 2.0 Single Sign-On between Okta and Ogadu. After completing these steps, your team members can sign in to Ogadu using their Okta credentials.

Prerequisites

Before you begin, make sure you have:

• [x] An Ogadu account with organization admin access
• [x] An Okta admin account with permission to configure applications
• [x] Your Ogadu Organization ID (found in your organization settings)

Step 1: Find Your Ogadu Organization ID and SP Details

1. Sign in to Ogadu.
2. Navigate to your organization's settings page from the sidebar.
3. Scroll down to the Single Sign-On (SSO) section.

4. You'll see the SP Metadata URL — it contains your Organization ID.

   For example, if the metadata URL is:

   https://app.ogadu.com/sso/saml/metadata/acme-corp-x7k2
   

   Then your Organization ID is acme-corp-x7k2.

5. Keep this page open — you'll need it in Step 3.

Copy the Metadata URL

Click the Copy button next to the metadata URL. You may need this URL if configuring Okta manually.

Step 2: Add Ogadu in Okta

Option A: From the Okta Integration Network (Recommended)

1. Sign in to your Okta Admin Console.
2. Go to Applications → Browse App Catalog.
3. Search for Ogadu.
4. Click Add Integration.
5. In General Settings, enter your Ogadu Organization ID.
6. Click Done.
7. Continue to Step 3.

Option B: Manual SAML Configuration

If Ogadu isn't available in your Okta catalog yet, create a custom SAML app:

1. Sign in to your Okta Admin Console.
2. Go to Applications → Applications → Create App Integration.
3. Select SAML 2.0 and click Next.

4. Enter the following:

   Setting	Value
   App name	Ogadu
   App logo	Upload your company's Ogadu logo (optional)

5. Click Next and configure the SAML settings:

   Setting	Value
   Single sign-on URL	https://app.ogadu.com/sso/saml/acs
   Use this for Recipient URL and Destination URL	Checked
   Audience URI (SP Entity ID)	https://app.ogadu.com/sso/saml/metadata/YOUR_ORG_ID
   Default RelayState	(leave blank)
   Name ID format	EmailAddress
   Application username	Email

   Replace YOUR_ORG_ID

   Replace YOUR_ORG_ID with your actual Ogadu Organization ID from Step 1 (e.g., acme-corp-x7k2).

6. Add the following Attribute Statements:

   Name	Name format	Value
   email	Basic	user.email
   firstName	Basic	user.firstName
   lastName	Basic	user.lastName
   displayName	Basic	user.displayName

7. Click Next, then Finish.

Step 3: Copy IdP Details to Ogadu

After creating the Okta app, you need to copy three values from Okta to Ogadu.

1. In Okta, go to your Ogadu application's Sign On tab.

2. Click View SAML setup instructions, or expand More details to find the following values:

   Value	Where to find it
   IdP Entity ID	Listed as "Identity Provider Issuer"
   IdP SSO URL	Listed as "Identity Provider Single Sign-On URL"
   X.509 Certificate	Click "Download certificate"

3. In Ogadu, go to your organization's SSO settings (from Step 1).

4. Enter the IdP details:

   • IdP Entity ID — Paste the Identity Provider Issuer URL
   • IdP SSO URL — Paste the Single Sign-On URL
   • IdP Certificate (PEM) — Paste the full certificate content, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines

5. Enter your Email Domains — the email domains your team uses (e.g., acme.com, acme.co.uk). Separate multiple domains with commas.

   What are email domains used for?

   When a user enters their email on the Ogadu login page, Ogadu checks the domain. If it matches a configured SSO domain, the SSO sign-in button automatically appears.

6. Click Save SSO Configuration.

Step 4: Test the Connection

1. In Ogadu's SSO settings, click Test Connection.
2. Verify that all checks pass:
   • IdP Entity ID is valid
   • IdP SSO URL is reachable
   • Certificate is parseable and not expired

Test failed?

See Troubleshooting for common issues and solutions.

Step 5: Assign Users in Okta

Users must be assigned to the Ogadu app in Okta before they can use SSO.

1. In Okta, go to your Ogadu application's Assignments tab.
2. Click Assign → Assign to People (or Assign to Groups).
3. Select the users or groups who should have access.
4. Click Save and Go Back, then Done.

Just-In-Time Provisioning

When an assigned user signs in via SSO for the first time, Ogadu automatically creates their account and adds them to your organization. You don't need to create Ogadu accounts in advance.

Step 6: Test SSO Sign-In

Test SP-Initiated Flow (from Ogadu)

1. Open a private/incognito browser window.
2. Go to https://app.ogadu.com/auth/login.
3. Enter an email address with your configured domain (e.g., alice@acme.com).
4. Tab out of the email field — an SSO button should appear: "Sign in with [Your Organization]".
5. Click the SSO button.
6. Authenticate at Okta.
7. You should be redirected back to Ogadu and signed in.

Test IdP-Initiated Flow (from Okta)

1. Sign in to your Okta End-User Dashboard.
2. Find the Ogadu app tile.
3. Click it.
4. You should be signed in to Ogadu automatically.

Both tests passed?

SSO is working correctly. You can now optionally enforce SSO in Step 7.

Step 7: Enforce SSO (Optional)

If you want to require all users with your email domain to use SSO (blocking password login):

1. In Ogadu's SSO settings, enable the Require SSO toggle.
2. Click Save or wait for the toggle to save automatically.

When enforced:

• Users with matching email domains who try to log in with a password are automatically redirected to Okta.
• The password form is hidden and replaced with a redirect notice.

Test before enforcing

Make sure SSO is working correctly for all your users before enabling enforcement. If SSO breaks while enforced, users won't be able to sign in with passwords as a fallback.

Platform administrators can always sign in with a password regardless of SSO enforcement.

Step 8: Share the SSO Login URL (Optional)

You can share a direct SSO login URL with your team:

https://app.ogadu.com/sso/login/YOUR_ORG_ID

This URL immediately redirects users to Okta for authentication, bypassing the email detection step on the login page.

SAML Configuration Reference

Property	Value
ACS URL	https://app.ogadu.com/sso/saml/acs
SP Entity ID	https://app.ogadu.com/sso/saml/metadata/YOUR_ORG_ID
SP Metadata URL	https://app.ogadu.com/sso/saml/metadata/YOUR_ORG_ID
Name ID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Signature Algorithm	RSA-SHA256
Assertion Signed	Required
SP-initiated SSO	Supported
IdP-initiated SSO	Supported
JIT Provisioning	Supported

Need Help?

• Check the Troubleshooting guide for common issues
• Contact support@ogadu.com for assistance