Okta SSO

Single Sign-On (SSO) with Okta enables organizations to access Asset Panda Pro securely using centrally managed Okta identities. By authenticating users through Okta, teams can reduce password fatigue, minimize login-related support requests, and enforce consistent security policies across the organization. Once configured, users can sign into Asset Panda Pro using their existing Okta credentials, enabling a seamless and secure authentication experience.

Prerequisites

• Active Asset Panda Pro subscription with Administrator access

• Okta tenant with Admin or Super Admin permissions

• Users created in Okta with email addresses that match Asset Panda user accounts

Configure SSO in Okta

Set up Asset Panda as a SAML 2.0 application in Okta and generate the IdP Metadata file required by Asset Panda.

Create a SAML Application

1. Sign into the Okta Admin Console.

2. Navigate to Applications > Applications.

3. Click Create App Integration.

4. Select SAML 2.0 and click Next.

5. Enter an App name (for example, Asset Panda SSO).

6. Optionally, upload an app logo.

7. Click Next.

8. Provide the following values to configure SAML settings:

   • Single sign-on URL (ACS URL): Use the Assertion Consumer Service (ACS) URL provided by Asset Panda.

   • Audience URI (SP Entity ID): Use the same value as the ACS URL, unless otherwise instructed.

   • Name ID format: Select EmailAddress.

   • Application username: Set to Email.

9. For Attribute Statements, configure the following attribute mapping to ensure proper user identification (recommended):

1. Click Next, review the configuration, and click Finish.

Assign users

1. In Okta, go to the Assignments tab.

2. Assign users or groups that should have access to Asset Panda Pro.

Download/copy IdP Metadata

1. Go to the Sign On tab of the Asset Panda application in Okta.

2. Locate the SAML 2.0 section.

3. Download or copy and create the IdP Metadata XML file. This file will be uploaded to Asset Panda in the next step.

Configure SSO in Asset Panda

After completing the Okta configuration, set up SSO in Asset Panda using the IdP Metadata file.

1. Log into Asset Panda Pro with an administrator account

2. Navigate to Settings > Preferences > Single sign-on (SSO).

3. Click Add new SSO.

4. Under Select Your SSO Provider, choose SAML.

5. Complete the following fields:

   • Enable Type

     • Enable for all users: Applies SSO to all users

     • Enable for selected domains: Applies SSO only to specified email domains

   • Selected Domains: When domain-based SSO is enabled, enter one or more email domains (for example, company.com) and press Enter.

   • Connection Name: Enter a descriptive name for the SSO connection (for example, Okta SSO)

6. Upload the IdP Metadata XML file downloaded from Okta. You can drag and drop the file or click Browse to upload it.

7. Click Save. Asset Panda automatically extracts the required SAML configuration and certificates from the metadata file.

Enable and verify SSO

1. Ensure the newly added SSO connection shows a status of Enabled.

2. Open a private or incognito browser window.

3. Navigate to the Asset Panda Pro login page.

4. Enter your email address and proceed with SSO login.

1. Authenticate through Okta and confirm you are redirected to the Asset Panda Pro dashboard.

Notes and considerations

• Asset Panda uses the IdP Metadata file to configure all SAML settings automatically. Manual entry of ACS URLs, Entity IDs, or certificates is not required.

• User email addresses in Okta must exactly match user email addresses in Asset Panda.

• If multiple SSO connections exist, ensure domain settings do not overlap.

Troubleshooting