Before you can start setting up Single Sign-On (SSO) for Salesforce and Okta, you need to check the following:
Log in to your Okta account as an administrator (with administrator access).
Under Applications > Applications, search for the Salesforce app in the Okta Integration Network (App Integration Catalog).
Add the Salesforce.com app.
Fill in the Add Salesforce.com options.
Then click on the "Sign On" tab.
Click on "View Setup Instructions".
You will then be sent to a version of the generic "View Setup Instructions" webpage, customised with your instance's details prefilled.
Take note of the details on the page, as you will need to copy and paste these into Salesforce later.
In a new browser tab, log in to your Salesforce account as an administrator (with administrator access).
In Salesforce, open your Single Sign-On (SSO) settings.
Navigate to Administer > Security Controls > Single Sign-On Settings.
You should see the "Single Sign-On Settings" page in Salesforce.
Under the "SAML Single Sign-On Settings" section, click on "New".
Add in your Single Sign-On settings.
You can copy the SSO settings from Okta (View Setup Instructions) and paste them into the matching fields in Salesforce.
Enter the required information (marked in red) from Okta into the IdP configuration fields and leave the others at their defaults in Salesforce.
When you are ready, let's test that it works.
In the Okta Admin Console, let's assign a user to the application. (Applications > Applications > Salesforce app)
Go to the "Assignments" tab. (Applications > Applications > Salesforce app > "Assignments")
Select "Assign" and "Assign to People".
Select our test user, click "Assign" and then "Done".
Now let's log into our Okta instance as a test user. You may need to refresh your browser if you had the browser window already open.
Then click on the "Salesforce" application icon (chiclet).
Success, you will be logged in to your Salesforce account!
Setting up provisioning will allow us to create users, update users and deprovision users in Salesforce from Okta.
In the Okta Admin Console, go to Applications > Applications > Salesforce app.
Click on the "Provisioning" tab. (Applications > Applications > Salesforce app > Provisioning)
Click on "Integrations".
Click "Allow" to allow access to your Salesforce instance.
You should then receive a "Salesforce.com was verified successfully!" message.
You can use Salesforce's SAML validator if you want to test to make sure your Salesforce Single Sign-On settings have been configured correctly.
Navigate to Administer > Security Controls > Security SAML Validator.
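
Checks of the kind a SAML validator applies, as an added example (not from the original page, Okta or Salesforce): this Python function compares a captured, base64-encoded SAMLResponse with the issuer, entity ID and login URL entered in the SSO settings. The function name, the example.com URLs and the sample message are constructed assumptions, and the XML signature is only checked for presence, not verified.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _utc(ts):
    # SAML instants are UTC, e.g. 2030-01-01T00:05:00Z (fractional seconds dropped)
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def check_saml_response(b64_response, expected, now=None):
    """Return a list of mismatches between a SAMLResponse and the SSO settings."""
    now = now or datetime.now(timezone.utc)
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw:  # refuse DTDs before parsing (entity expansion)
        return ["DOCTYPE not allowed in a SAML response"]
    assertion = ET.fromstring(raw).find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion found"]
    problems = []
    if assertion.find(".//ds:Signature", NS) is None:
        problems.append("assertion carries no signature")
    issuer = (assertion.findtext("a:Issuer", "", NS) or "").strip()
    if issuer != expected["issuer"]:
        problems.append(f"issuer mismatch: {issuer!r}")
    audiences = [e.text.strip() for e in assertion.iterfind(".//a:Audience", NS) if e.text]
    if expected["entity_id"] not in audiences:
        problems.append(f"audience mismatch: {audiences!r}")
    scd = assertion.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected["login_url"]:
        problems.append("recipient mismatch")
    cond = assertion.find("a:Conditions", NS)
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and noa and _utc(nb) <= now < _utc(noa)):
        problems.append("assertion outside its validity window")
    return problems

# Constructed sample values (not a real Okta or Salesforce message)
EXPECTED = {"issuer": "https://idp.example.com/issuer",
            "entity_id": "https://sp.example.com", "login_url": "https://sp.example.com/acs"}
SAMPLE = base64.b64encode(b"""<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<a:Assertion><a:Issuer>https://idp.example.com/issuer</a:Issuer><ds:Signature/>
<a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData
 Recipient="https://sp.example.com/acs"/></a:SubjectConfirmation></a:Subject>
<a:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:05:00Z">
<a:AudienceRestriction><a:Audience>https://sp.example.com</a:Audience></a:AudienceRestriction>
</a:Conditions></a:Assertion></p:Response>""")
```

An empty list means the response matches the settings; each string in a non-empty list names the field to recheck in the IdP configuration.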