How to set up Single Sign-On (SSO) with Okta for Avoma
Use Avoma's SSO with Okta for streamlined access management and a unified login experience for your users.
Avoma supports Single Sign-On (SSO) using Okta to help you manage access across your organization securely. You can configure SSO using either the OIDC or SAML 2.0 protocol, based on your organization’s preference.
This guide walks you through the steps to integrate Okta with Avoma using both options.
Once SSO is enabled, users will only be able to log in using SSO. Other login methods, including Google or Microsoft sign-in, will be disabled.
Prerequisites
Before you begin:
- You must be on the Organization plan or higher in Avoma
- You must have Admin privileges in Avoma to request SSO setup
- You must be an Admin in Okta to configure the integration
- Your users should be provisioned in Okta and assigned to the Avoma app
- You’ll need to share configuration values (Client ID, Secret, or Metadata) with Avoma Support or your Customer Success Manager
Note: Once SSO is enabled for your organization:
- Users will only be able to log in using SSO
- Other login methods (e.g. Google or Microsoft) will be disabled
While we recommend Okta OpenID Connect (OIDC) as the preferred authentication protocol for SSO with Avoma, we also support the SAML 2.0 authentication protocol.
You can choose either way to set up SSO.
Option 1: Set up SSO using Okta with OIDC (Recommended)
If your organization uses Okta as its identity provider, we recommend setting up SSO with OpenID Connect (OIDC). This modern authentication protocol is fully supported by Avoma and offers enhanced security and performance.
The setup includes two steps:
- Create an OIDC app in Okta
- Share your configuration details with Avoma
Step 1: Create an OIDC app in Okta
- Log in to your Okta account > Admin > Applications section.
- Click on Create App Integration
- Choose:
  - Sign-in method: OIDC – OpenID Connect
  - Application type: Web Application
- In General Settings, choose:
  - App name: Avoma (OIDC)
  - Grant type: Authorization Code (with PKCE)
- In the Login section:
  - Enter https://app.avoma.com/okta/oidc in the Sign-in redirect URIs field.
  - If you also use the mobile app, add the additional URI "com.avoma:/callback" in the Sign-in redirect URIs field.
  - Enter https://app.avoma.com/login in the Sign-out redirect URIs field.
- In the Controlled access section, choose “Skip group assignment for now”.
- Click Save. A custom OIDC Okta app will be created. Continue to configure the app and assign users to it.
- Make a note of the client credentials: Client ID and Client Secret.
- Go back to the new app and look for the LOGIN section in the General tab.
- In the “Login initiated by” section, select “Either Okta or app”.
- For Application Visibility, select “Display application icon to users”.
- For Login flow, select Redirect to app to initiate login (OIDC Compliant).
- For Initiate login URI, enter: https://app.avoma.com/oidc/login
- Click Save.
- Click the Sign On tab and go to the OpenID Connect ID Token section.
- For the Issuer URL, select Okta URL. Make a note of it. The URL usually appears in the following format: https://<companyname>.okta.com.
- Now go to the Assignments tab and assign the app users and/or groups that should have access to Avoma.
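Before passing the Step 1 values on, it helps to confirm that the Issuer URL you noted matches the tenant's OIDC discovery document character for character and that the tenant advertises the Authorization Code flow with PKCE. The following Python sketch is an added example, not Avoma's or Okta's code; the discovery document is a constructed sample for a placeholder tenant (example.okta.com), and the requested scope is an assumption.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit

AVOMA_SIGN_IN_REDIRECT = "https://app.avoma.com/okta/oidc"  # from this guide

# Constructed sample of <Issuer URL>/.well-known/openid-configuration;
# "example.okta.com" is a placeholder tenant.
SAMPLE_DISCOVERY = {
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "response_types_supported": ["code", "id_token"],
    "code_challenge_methods_supported": ["S256"],
}

def check_issuer(noted_issuer, discovery):
    """Return problems with the Issuer URL noted in Step 1 (empty list = OK)."""
    problems = []
    parts = urlsplit(noted_issuer)
    if parts.scheme != "https":
        problems.append("issuer must use https")
    # OIDC Discovery requires an exact string match, so a trailing slash counts.
    if discovery.get("issuer") != noted_issuer:
        problems.append("issuer does not match the discovery document exactly")
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    if "S256" not in discovery.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    return problems

def s256_challenge(verifier):
    """RFC 7636: BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def pkce_pair():
    """Fresh high-entropy code_verifier (43 chars) and its S256 challenge."""
    verifier = secrets.token_urlsafe(32)
    return verifier, s256_challenge(verifier)

def authorization_url(discovery, client_id, challenge, state):
    """Request a relying party sends for Authorization Code with PKCE."""
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": AVOMA_SIGN_IN_REDIRECT, "scope": "openid email",  # scope assumed
        "state": state, "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return discovery["authorization_endpoint"] + "?" + query
```

The redirect_uri in that request must equal one of the Sign-in redirect URIs registered above exactly, which is why a typo or extra slash in that field surfaces as a failed login rather than a warning.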
Step 2: Share your OIDC details with Avoma
Avoma currently sets up SSO on your behalf for your organization. Please contact Avoma Support or your Customer Success Manager and provide the following details:
- Client ID
- Client Secret
- Issuer URL
Once Avoma has configured SSO for you, you will receive a confirmation. Avoma will also terminate the existing sessions for all your users so that they log in again using SSO.
Your users can then start using the SSO option on the Avoma login screen to access their accounts.
Option 2: Setting up SSO with Okta SAML 2.0
Setting up SSO for Avoma with Okta SAML is a two-step process.
- Create an Avoma app in Okta with the SAML 2.0 option
- Provide details to set up Okta SAML SSO in Avoma.
Step 1: Create an Avoma app in Okta with the SAML 2.0 option
Prerequisite: You must be an admin in Okta to be able to set up the Avoma app in Okta for SSO.
- Log in to your Okta account > Admin > Applications section.
- Click on Create App Integration
- Select "SAML 2.0" as the Sign-In Method and "Web Application" as the Application Type. Then click on the "Next" button.
- Enter the App Name on the next screen and hit Next.
- In the SAML settings section, enter "https://prod-api.avoma.com/saml2/acs" in the Single sign-on URL and enable the checkbox.
- In the Audience URI and Default Relay State fields, enter "https://app.avoma.com".
- Select "Email Address" for the Name ID format.
- Select "Email" for Application User Name.
- Select "Create and Update" for the Update Application Username on setting.
- In the Attribute Statements section, enter values as shown below
- Scroll down to click Next.
- Select "It's required to contact vendor to enable SAML" and click Finish.
- Your SAML app creation is complete. You will be shown a screen with details about the Metadata URL and Issuer. Copy the Metadata URL and Issuer.
- Now go to the Assignments tab and assign the app users and/or groups that should have access to Avoma.
- SAML Settings should look like this when you click on the "General" Tab in the UI
Step 2: Provide details to set up Okta SAML SSO in Avoma
Avoma currently sets up SSO on your behalf for your organization. Please contact Avoma Support or your Customer Success Manager and provide the following details:
- Metadata URL copied in Step 1
- Issuer copied in Step 1
Once Avoma has configured SSO for you, you will receive a confirmation. Avoma will also terminate the existing sessions for all your users so that they log in again using SSO.
Your users can then start using the SSO option on the Avoma login screen to access their accounts.