This guide walks you through configuring Single Sign-On (SSO) between Okta and your FMX application using SAML 2.0. Follow the steps in order to ensure a successful setup. This document covers SSO configuration only; for full Okta integration or provisioning steps, refer to the appropriate Okta integration documentation.
Overview
FMX supports SAML 2.0–based SSO with third‑party Identity Providers (IdPs) such as Okta. In this setup:
- Okta acts as the Identity Provider (IdP)
- FMX acts as the Service Provider (SP)
Once configured, users will be able to authenticate to FMX using their Okta credentials.
Prerequisites
Before you begin, ensure the following:
- You have admin access to Okta (Super Admin or Application Admin)
- Your FMX environment has SAML SSO enabled
- You know your FMX tenant URL (for example:
https://yourcompany.gofmx.com) - You have a list of users or groups that should access FMX via SSO
Step 1: Create a SAML Application in Okta
- Log in to the Okta Admin Console
- Navigate to Applications > Applications
- Click Create App Integration
- Select SAML 2.0 and click Next
General App Settings
- Enter an application name (for example: FMX SSO)
- (Optional) Upload an application logo
- (Optional) Hide the app from the Okta dashboard if desired
- Click Next
Step 2: Configure SAML Settings in Okta
On the SAML Settings page, enter the following information:
Required Fields
Use the FMX values below when configuring the SAML settings in Okta.
Single Sign-On URL (ACS / Reply URL)
https://hostname.gofmx.com/login/saml2/callbackAudience URI (SP Entity ID / Identifier)
https://hostname.gofmx.com/
Recipient
https://hostname.gofmx.com/login/saml2/callbackACS (Consumer) URL Validator
^https:/\/\/hostname\.gofmx\.com\/login\/saml2\/callback$
User Identification
- Name ID Format: EmailAddress
- Application Username: Email
This ensures FMX receives the user’s email address as the unique identifier.
- Click Next
- Select an option for feedback (this does not affect functionality)
- Click Finish
Step 3: Retrieve Okta Identity Provider Metadata
After the app is created:
- Open the newly created FMX app in Okta
- Go to the Sign On tab
- Click View Setup Instructions
Copy and save the following values:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate (download or copy the full certificate)
You will provide these values to FMX in a later step.
Step 4: Assign Users or Groups in Okta
SSO will only work for users assigned to the application.
- In the Okta app, go to the Assignments tab
- Click Assign
- Assign the app to individual users or groups
- Save your changes
Step 5: Configure SAML Settings in FMX
In FMX (or by working with FMX Support), configure SAML using the Okta values you collected:
Required Okta Values for FMX
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate
FMX SAML Requirements
- FMX expects a valid SAML 2.0 assertion
- The user’s email address must be included (typically as the NameID)
- First name and last name attributes are recommended
Once FMX has your Okta metadata, SSO will be enabled for your tenant.
Step 6: Test the SSO Configuration
We strongly recommend testing before rolling out to all users.
Test Scenarios
- IdP-initiated login:
Launch FMX directly from the Okta dashboard - SP-initiated login:
Start from the FMX login page and select the SSO option
If login fails, verify:
- ACS URL and Entity ID match exactly
- Users are assigned to the Okta application
- The correct certificate is configured
Best Practices & Tips
- Test with a small group of users before full deployment
- Keep a record of all SAML URLs and certificates
- Update certificates before they expire
- Use group assignments in Okta to manage access at scale
Need Help?
If you need assistance completing the setup or troubleshooting SSO issues, please contact FMX Support and include:
- Your FMX tenant URL
- Your Okta IdP metadata (SSO URL, Issuer, Certificate)
- Screenshots of your Okta SAML settings (if available)
You’re all set! Once configured, your users will be able to securely access FMX using Okta Single Sign-On.