> For the complete documentation index, see [llms.txt](https://prohelp.assetpanda.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://prohelp.assetpanda.com/integrations-store/single-sign-on-sso-integrations/okta-sso.md). # Okta SSO Single Sign-On (SSO) with Okta enables organizations to access Asset Panda Pro securely using centrally managed Okta identities. By authenticating users through Okta, teams can reduce password fatigue, minimize login-related support requests, and enforce consistent security policies across the organization. Once configured, users can sign into Asset Panda Pro using their existing Okta credentials, enabling a seamless and secure authentication experience. ## Prerequisites * Active Asset Panda Pro subscription with Administrator access * Okta tenant with **Admin** or **Super Admin** permissions * Users created in Okta with email addresses that match Asset Panda user accounts *** ## Configure SSO in Okta Set up Asset Panda as a SAML 2.0 application in Okta and generate the IdP Metadata file required by Asset Panda. ### Create a SAML Application 1. Sign into the **Okta Admin Console**. 2. Navigate to **Applications > Applications**. 3. Click **Create App Integration**. 4. Select **SAML 2.0** and click **Next**. 5. Enter an **App name** (for example, Asset Panda SSO). 6. Optionally, upload an app logo. 7. Click **Next**. 8. Provide the following values to configure SAML settings: * **Single sign-on URL (ACS URL)**: Use the Assertion Consumer Service (ACS) URL provided by Asset Panda. * **Audience URI (SP Entity ID)**: Use the same value as the ACS URL, unless otherwise instructed. * **Name ID format**: Select **EmailAddress**. * **Application username**: Set to **Email**. 9. For **Attribute Statements**, configure the following attribute mapping to ensure proper user identification (**recommended**): | **Name** | **Value** | | -------- | ------------ | | email | `user.email` | 10. Click **Next**, review the configuration, and click **Finish**. ### Assign users 1. In Okta, go to the **Assignments** tab. 2. Assign users or groups that should have access to Asset Panda Pro. ### Download/copy IdP Metadata 1. Go to the **Sign On** tab of the Asset Panda application in Okta. 2. Locate the **SAML 2.0** section. 3. Download or copy and create the **IdP Metadata XML** file. This file will be uploaded to Asset Panda in the next step. *** ## Configure SSO in Asset Panda After completing the Okta configuration, set up SSO in Asset Panda using the IdP Metadata file. 1. Log into Asset Panda Pro with an administrator account 2. Navigate to Settings icon **Settings** > **Preferences** > **Single sign-on (SSO)**. 3. Click **Add new SSO**. 4. Under **Select Your SSO Provider**, choose **SAML**. 5. Complete the following fields: * **Enable Type** * **Enable for all users**: Applies SSO to all users * **Enable for selected domains**: Applies SSO only to specified email domains * **Selected Domains:** When domain-based SSO is enabled, enter one or more email domains (for example, `company.com`) and press **Enter**. * **Connection Name**: Enter a descriptive name for the SSO connection (for example, Okta SSO) 6. Upload the **IdP Metadata XML** file downloaded from Okta. You can drag and drop the file or click **Browse** to upload it. 7. Click **Save**. Asset Panda automatically extracts the required SAML configuration and certificates from the metadata file. ### Enable and verify SSO 1. Ensure the newly added SSO connection shows a status of **Enabled**. 2. Open a private or incognito browser window. 3. Navigate to the Asset Panda Pro login page. 4. Enter your email address and proceed with SSO login. {% hint style="info" %} If domain-based SSO is configured, you may be prompted to re-enter your email address. {% endhint %} 5. Authenticate through Okta and confirm you are redirected to the Asset Panda Pro dashboard. *** ## Notes and considerations * Asset Panda uses the **IdP Metadata file** to configure all SAML settings automatically. Manual entry of ACS URLs, Entity IDs, or certificates is not required. * User email addresses in Okta must exactly match user email addresses in Asset Panda. * If multiple SSO connections exist, ensure domain settings do not overlap. *** ## Troubleshooting
IssueResolution
Login fails after authentication
  1. Verify the user is assigned to the Asset Panda Pro application in Okta.
  2. Confirm the user’s email address matches the Asset Panda Pro user record.
SSO button is not displayed
  1. Check that the SSO connection status is Enabled.
  2. Confirm the user’s email domain matches the configured domain (if domain-based SSO is used).
Certificate or metadata errorsRe-download the IdP Metadata file from Okta and re-upload it in Asset Panda Pro.
--- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://prohelp.assetpanda.com/integrations-store/single-sign-on-sso-integrations/okta-sso.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.