Docs

Add Okta Workforce as a SAML connection

You will learn the following:

  • Use Okta Workforce to enable single sign-on (SSO) via SAML for your Clerk application.

Before you start

Tutorial

Set up an enterprise connection in Clerk

To create a SAML connection in Clerk:

  1. Navigate to the Clerk Dashboard.
  2. In the top navigation, select Configure. Then in the sidebar, select SSO Connections.
  3. Select the Add connection button, and select For specific domains.
  4. Select Okta Workforce as the identity provider.
  5. Add the Name of the connection. This is the name that will be displayed in the sign-in form.
  6. Add the Specific Domain that you want to allow this connection for. This is the domain of the users you want to allow to sign in to your application.
  7. Select Add connection. You will be redirected to the connection's configuration page.
  8. Find the Service Provider Configuration section.
  9. Save the Single sign-on URL and the Audience URI (SP Entity ID) values somewhere secure. You'll need these in the Configure your service provider step.
  10. Leave this page open.

Create a new enterprise application in Okta

To create a new enterprise application in Okta:

  1. Navigate to Okta and sign in.
  2. In the Okta dashboard, select Admin in the top right corner.
  3. In the navigation sidebar, select the Applications dropdown and select Applications.
  4. Select the Create App Integration button.
  5. In the Create a new app integration modal, select the SAML 2.0 option and select the Next button.
  6. Once redirected to the Create SAML Integration page, fill in the General Settings fields. An App name is required.
  7. Select the Next button to continue.

Configure your service provider

Once you have moved forward from the General Settings instructions, you will be presented with the Configure SAML page.

To configure your service provider (Clerk), you must add these two fields to your IdP's application:

  • Single sign-on URL - This is your application's URL that your IdP will redirect your users back to after they have authenticated in your IdP.
  • Audience URI (SP Entity ID) - This is a unique identifier for your SAML connection that your IdP application needs.

To fill out the appropriate values for these fields:

  1. Paste the Single sign-on URL and the Audience URI (SP Entity ID) values that you saved earlier into their respective fields.

Map Okta claims to Clerk attributes

Mapping the claims in your IdP to the attributes in Clerk ensures that the data from your IdP is correctly mapped to the data in Clerk.

Clerk attributeOkta claim
mailuser.email
firstNameuser.firstName
lastNameuser.lastName
  1. In the Okta dashboard, find the Attribute Statements (optional) section.
  2. For the Name field, enter mail.
  3. For the Value field, choose user.email from the dropdown.
  4. Select the Add Another button to add another attribute.
  5. For the Name field, enter firstName.
  6. For the Value field, choose user.firstName from the dropdown.
  7. Select the Add Another button to add another attribute.
  8. For the Name field, enter lastName.
  9. For the Value field, choose user.lastName from the dropdown.
  10. Scroll to the bottom of the page and select the Next button to continue.
  11. You will be redirected to the Feedback page. Fill out the feedback however you would like and select the Finish button to complete the setup.

Assign selected user or group in Okta

You need to assign your users/user groups to your enterprise application. For example, if you were part of the Clerk organization, you would have access to users and groups in the Clerk organization. In this case, you could assign one or more users or entire groups to the enterprise application you just created.

  1. In the Okta dashboard, select the Assignments tab.
  2. Select the Assign dropdown. You can either select Assign to people or Assign to groups.
  3. In the search field, enter the user or group of users that you want to assign to the enterprise application.
  4. Select the Assign button next to the user or group that you want to assign.
  5. Select the Done button to complete the assignment.

Configure your identity provider

Once you have completed the setup in Okta, you will be redirected to the application instances page with the Sign On tab selected.

  1. Under Sign on methods, copy the Metadata URL.
  2. Navigate back to the Clerk Dashboard and find the Identity Provider configuration section.
  3. Under the Metadata configuration option, paste the Metadata URL.
  4. Select the Fetch & save button to complete the setup.

Enable the connection for Clerk

To make the connection available for your users to authenticate with:

  1. In the Clerk Dashboard, you should still have the connection's configuration page open. If not, navigate to the SSO Connections page and select the connection.
  2. Toggle on Enable connection and select Save.

Feedback

What did you think of this content?
Edit this page on GitHub

Last updated on