Okta SSO SAML Integration Guide

This guide walks Okta administrators through configuring SAML single sign-on (SSO) for Dokio from the Okta Integration Network (OIN).

Supported features

For more information on the listed features, visit the Okta Glossary.

Prerequisites

  • Admin access to your Okta account
  • Your hub subdomain (e.g., example  if your app URL is example.dokio.co    )
  • Dokio base domain (Production: dokio.co, Staging: staging.dokio.xyz)

Setup Instructions

1. Add the Application in Okta

  1. Log in to your Okta Admin Console
  2. Navigate to Applications > Applications in the left sidebar
  3. Click Browse App Catalog
  4. Search for Dokio
  5. Click Add Integration
  6. Click Done to add the application to your Okta instance

2. Configure Your Subdomain and Dokio Domain

  1. Configure SAML options

On the Sign-On Options tab:

  • Click Edit
  • Under Sign on methods, confirm that SAML 2.0 is selected.
  • Copy the Metadata URL — Please send this to support@dokio.com where we will add your metadata to the Dokio hub.
  • Application username format — Choose how Okta passes the username to Dokio. The default is Email, which works for most deployments.
  • Click Done.

  1. Assign Users and Groups

Once we have added your metadata to the Dokio hub you can start assigning users and groups. If you will be provisioning with SCIM then please refer to this guide: https://help.dokio.co/article/433-scim

  1. Open the application and go to the Assignments tab.
  2. Click Assign → Assign to People or Assign to Groups.
  3. Select the users or groups who should have access, click Assign, and review any per-user attribute prompts.
  4. Click Save and Go Back, then Done.

SP-initiated SSO

The sign-in process is initiated from your Dokio hub (e.g., example.dokio.co    if your subdomain is example  )

  1. From your browser, navigate to the Dokio hub sign-in page and then click on Continue with Single Sign On.
  2. Enter your Okta credentials (your email and password) and click "Sign in with Okta".If your credentials are valid, you are redirected to the Dokio hub dashboard.

Troubleshooting

Because the Dokio team configures the service provider side for you, most setup issues you'll hit are on the Okta side: assignment, attributes, or the metadata you've shared with us.

  • Dokio tile is missing from the user's Okta dashboard — The user or group isn't assigned, or Application visibility is set to hidden. Check the Assignments tab and the visibility setting under General Settings.
  • Clicking the tile shows App is not assigned to this user    — The user exists in Okta but hasn't been assigned to Dokio. Assign the user directly or via a group on the Assignments tab.
  • Sign-in succeeds in Okta but Dokio shows a generic error or blank screen — Dokio hasn't received your metadata yet, or it doesn't match what Okta is sending. Confirm with the Dokio team that your IdP metadata has been loaded; re-send if you've rotated the signing certificate.
  • SAML response signature invalid    — The certificate we have on file doesn't match the one Okta is signing with (often after a cert rotation in Okta). Download the current Okta IdP metadata or X.509 cert and send it to the Dokio team.

Support

If you encounter any issues during setup, please contact our support team by clicking Contact at the top of the document or emailing us at support@dokio.com with:

  • Your subdomain
  • Screenshots of any error messages
  • Description of the issue you're experiencing
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us