# Configuring Platform9 for Single Sign-on with Okta

Platform9 supports Single Sign On with Okta. This tutorial describes the procedure for configuring Platform9 as Okta application. Once the application is configured, you can follow these [steps](/managed-openstack/5.8/authentication-and-authorization/single-sign-on-sso.md) to grant your Okta users access to the Platform9 cloud.

### Step 1: Create a New SAML Connector

After logging in as admin, search for "Template SAML 2.0 App". This app is deprecated by Okta, however it works with Platform9.

### Step 2: Configure SAML Connector

Give your application connector a suitable label as shown below.

<figure><img src="/files/IwPRoN6Yq904mJvrOa7t" alt=""><figcaption></figcaption></figure>

### Step 3: Configure Okta Connection Settings

1. Post Back URL: Set it to https\:///Shibboleth.sso/SAML2/POST
2. Name ID Format: Leave it as is.
3. Recipient: Set it to https\:///Shibboleth.sso/SAML2/POST
4. Audience Restriction: Set it to https\:///keystone
5. authnContextClassRef: Leave it as is.
6. Response: Leave it as is.
7. Assertion: Leave it as is.
8. Request: Leave it as is.
9. Destination: Set it to https\:///Shibboleth.sso/SAML2/POST
10. Default Relay State: Set it to https\:///clarity/#/signin/sso
11. Attribute Statements: Configure as needed. These are the attributes which show up as part of SAML assertion posted to the Platform9 environment. They can be used to create mappings in OpenStack. These mappings provide a way to associate Okta users to resources in OpenStack. At a minimum, the attributes **FirstName** and **LastName** of the user are needed.

<figure><img src="/files/yA88hdywmW2GrQ02HuCu" alt=""><figcaption></figcaption></figure>

That is it! Once you grant permissions to Okta users as described [here](/managed-openstack/5.8/authentication-and-authorization/single-sign-on-sso.md), they can start using Platform9 based OpenStack cloud right away.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.platform9.com/managed-openstack/5.8/authentication-and-authorization/authentication-saml-connector.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.