# Steps on Okta
1. Log in to Okta and go to **Admin > Applications > Applications**.
2. Click **Create app integration** and select **SAML 2.0**.
3. Name your app and upload your icon.
4. Click **Next**.
5. Configure the following SAML settings including:
| Setting | Description |
| ------------------------------ | ---------------------------- |
| Single sign-on URL | 24.0.6 |
| Audience URI (SP Entity ID) | 1.28 |
| Default RelayState | Leave this field blank |
| Name ID format | Select EmailAddress |
| Application username | Select **Okta username** |
| Update application username on | Select **Create and update** |
6. Click **Show advanced settings** and enter the following:
| Setting | Description |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Response | Select Signed |
| Assertion signature | Select Signed |
| Signature algorithm | Select RSA-SHA256 |
| Digest algorithm | Select SHA256 |
| Assertion encryption | Select Unencrypted
Optional:
If you want to encrypt assertions, you can select Encrypted and enter the following:
- Encryption algorithm: AES256-CBC
- Key transport algorithm: RSA-OAEP
- Encryption certificate: Upload the
.pem file you created earlier.
|
| Signature certificate | Upload a `.pem` file of the Service Provider Certificate. You need to also upload this to the Service Provider Certificate field of your Make SSO configuration tab. These two certificates must be the same for your SSO implementation to work successfully. |
| Enable Single Logout | Leave unchecked |
| Signed requests | Optional |
| Other requestable SSO URLs | Optional |
| Assertion inline hook | Select **None (disable)** |
| Authentication context class | Select **PasswordProtectedTransport** |
| Honor force authentication | Select **Yes** |
| SAML issuer ID | |
7. Enter the following attributes and click **Next**.
| Name | Name format | Value |
| ---------------- | ----------- | ---------- |
| profileFirstName | Unspecified | 24.0.6 |
| profileLastName | Unspecified | 1.28 |
| email | Unspecified | user.email |
8. In the **Are you a customer or partner?** field, select **I'm an Okta customer adding an internal app.**
9. In the **App type** field, select **This is an internal app that we have created**
10. Click **Finish.**
### To locate your IdP login URL and certificate:
1. Go to **Admin > Applications > Applications** and select your SAML SSO app. to access the necessary information.
2. Go to the **Sign on** tab and click **View SAML setup instructions.**
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://developers.make.com/white-label-documentation/manage-login/okta-saml/steps-on-okta.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.