This guide walks you through configuring Single Sign-On (SSO) between Okta and your FMX application using SAML 2.0. Follow the steps in order to ensure a successful setup. This document covers SSO configuration only; for full Okta integration or provisioning steps, refer to the appropriate Okta integration documentation.OverviewFMX supports SAML 2.0–based SSO with third‑party Identity Providers (IdPs) such as Okta. In this setup:Okta acts as the Identity Provider (IdP)FMX acts as the Service Provider (SP)Once configured, users will be able to authenticate to FMX using their Okta credentials.PrerequisitesBefore you begin, ensure the following:You have admin access to Okta (Super Admin or Application Admin)Your FMX environment has SAML SSO enabledYou know your FMX tenant URL (for example: https://yourcompany.gofmx.com)You have a list of users or groups that should access FMX via SSOStep 1: Create a SAML Application in OktaLog in to the Okta Admin ConsoleNavigate to Applications > ApplicationsClick Create App IntegrationSelect SAML 2.0 and click NextGeneral App SettingsEnter an application name (for example: FMX SSO)(Optional) Upload an application logo(Optional) Hide the app from the Okta dashboard if desiredClick NextStep 2: Configure SAML Settings in OktaOn the SAML Settings page, enter the following information:Required FieldsUse the FMX values below when configuring the SAML settings in Okta.Single Sign-On URL (ACS / Reply URL)https://hostname.gofmx.com/login/saml2/callback Audience URI (SP Entity ID / Identifier)https://hostname.gofmx.com/ Recipienthttps://hostname.gofmx.com/login/saml2/callback ACS (Consumer) URL Validator^https:/\/\/hostname\.gofmx\.com\/login\/saml2\/callback$ User IdentificationName ID Format: EmailAddressApplication Username: EmailThis ensures FMX receives the user’s email address as the unique identifier.Click NextSelect an option for feedback (this does not affect functionality)Click FinishStep 3: Retrieve Okta Identity Provider MetadataAfter the app is created:Open the newly created FMX app in OktaGo to the Sign On tabClick View Setup InstructionsCopy and save the following values:Identity Provider Single Sign-On URLIdentity Provider IssuerX.509 Certificate (download or copy the full certificate)You will provide these values to FMX in a later step.Step 4: Assign Users or Groups in OktaSSO will only work for users assigned to the application.In the Okta app, go to the Assignments tabClick AssignAssign the app to individual users or groupsSave your changesStep 5: Configure SAML Settings in FMXIn FMX (or by working with FMX Support), configure SAML using the Okta values you collected:Required Okta Values for FMXIdentity Provider Single Sign-On URLIdentity Provider IssuerX.509 CertificateFMX SAML RequirementsFMX expects a valid SAML 2.0 assertionThe user’s email address must be included (typically as the NameID)First name and last name attributes are recommendedOnce FMX has your Okta metadata, SSO will be enabled for your tenant.Step 6: Test the SSO ConfigurationWe strongly recommend testing before rolling out to all users.Test ScenariosIdP-initiated login:Launch FMX directly from the Okta dashboardSP-initiated login:Start from the FMX login page and select the SSO optionIf login fails, verify:ACS URL and Entity ID match exactlyUsers are assigned to the Okta applicationThe correct certificate is configuredBest Practices & TipsTest with a small group of users before full deploymentKeep a record of all SAML URLs and certificatesUpdate certificates before they expireUse group assignments in Okta to manage access at scaleNeed Help?If you need assistance completing the setup or troubleshooting SSO issues, please contact FMX Support and include:Your FMX tenant URLYour Okta IdP metadata (SSO URL, Issuer, Certificate)Screenshots of your Okta SAML settings (if available)You’re all set! Once configured, your users will be able to securely access FMX using Okta Single Sign-On. Was this article helpful? 0 out of 0 found this helpful