Prerequisites

Before you begin, you’ll need:
  • Administrative access to your Okta Workforce account
  • The SSO configuration details from Ally Security (we’ll provide these after you request SSO setup)
  • The email domain(s) that should be enabled for SSO

Step 1: Create a new enterprise app in Okta

  1. Navigate to Okta and sign in to your admin account.
  2. In the Okta dashboard, select Admin in the top right corner.
  3. In the navigation sidebar, select the Applications dropdown and select Applications.
  4. Select Create App Integration.
  5. In the Create a new app integration modal, select the SAML 2.0 option and select the Next button.
  6. Once redirected to the Create SAML Integration page, complete the General Settings fields. An App name is required (e.g., “Ally Security”).
  7. Select Next. You’ll be redirected to the Configure SAML page.

Step 2: Configure SAML settings

You’ll need to enter the following information that we (Ally Security) will provide to you:
  1. Single sign-on URL: Paste the Single sign-on URL provided by Ally Security into the Single sign-on URL field.
  2. Audience URI (SP Entity ID): Paste the Audience URI (SP Entity ID) provided by Ally Security into the Audience URI (SP Entity ID) field.

Step 3: Configure attribute mappings

Ally Security requires specific attributes in the SAML response. Configure the following attribute statements:
  1. In the Attribute Statements (optional) section, add the following attributes:
    Email address (required)
    • Name field: mail
    • Value field: Select user.email from the dropdown
    First name (optional)
    • Name field: firstName
    • Value field: Select user.firstName from the dropdown
    Last name (optional)
    • Name field: lastName
    • Value field: Select user.lastName from the dropdown
  2. Scroll to the bottom of the page and select the Next button to continue.
  3. You will be redirected to the Feedback page. Fill out the feedback however you would like and select the Finish button to complete the setup.

Step 4: Assign users or groups

Before users can sign in using SSO, you need to assign them to the enterprise app:
  1. In the Okta dashboard, select the Assignments tab.
  2. Select the Assign dropdown. You can either select Assign to people or Assign to groups.
  3. In the search field, enter the user or group of users that you want to assign to the enterprise app.
  4. Select the Assign button next to the user or group that you want to assign.
  5. Select the Done button to complete the assignment.

Step 5: Share the Metadata URL with Ally Security

After completing the setup in Okta, you’ll need to provide Ally Security with your app’s metadata URL:
  1. In the Okta dashboard, navigate to your application’s page.
  2. Select the Sign On tab.
  3. Under Sign on methods, locate the Metadata URL.
  4. Copy the Metadata URL.
  5. Share this URL with your Ally Security contact or support team.

What to provide to Ally Security

To complete the SSO setup, please provide the following information:
  1. Metadata URL: The Metadata URL from your Okta app (as described in Step 5)
  2. Email domain: The email domain(s) that should be enabled for SSO (e.g., @yourcompany.com)
  3. Test user email (optional): An email address of a test user that can be used to verify the SSO configuration

After setup is complete

Once Ally Security has configured SSO on our end:
  • All users with email addresses ending in your configured domain will be redirected to Okta for authentication
  • Users will sign in using their Okta credentials
  • Existing users with matching email domains will need to use SSO to sign in
Warning: If there are existing users with email domains that match the SSO configuration, they will be required to use SSO to sign in once it’s enabled. Make sure to communicate this change to your team members.

Troubleshooting

If you encounter issues during setup:
  • Verify attribute mappings: Ensure that the attribute names (mail, firstName, lastName) match exactly as specified
  • Check user assignments: Confirm that users or groups have been assigned to the Okta app
  • Verify domain configuration: Ensure the email domain matches what was provided to Ally Security
  • Contact support: Reach out to Ally Security support if you need assistance with the configuration
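
To check the attribute mappings and Audience URI against what Okta actually sends, you can copy the base64 SAMLResponse form value from a test sign-in (browser developer tools) and inspect it with a script like the one below. This is an added example, not code from Ally Security or Okta; the function names, the sample response and the AUDIENCE value are constructed placeholders, and the script assumes an unencrypted assertion and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"mail"}                   # Step 3: required attribute
OPTIONAL = {"firstName", "lastName"}  # Step 3: optional attributes
AUDIENCE = "https://sp.example.invalid/entity"  # placeholder; use the Audience URI Ally Security provides

def check_saml_response(b64_response, expected_audience):
    """List problems in a base64 SAMLResponse. Does NOT verify the signature."""
    xml_bytes = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml_bytes:  # SAML messages do not need a DTD; refuse one
        return ["DOCTYPE present; refusing to parse"]
    root = ET.fromstring(xml_bytes)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name") or ""] = values
    problems = []
    for name in sorted(REQUIRED):
        if not any(v.strip() for v in attrs.get(name, [])):
            problems.append(f"required attribute '{name}' missing or empty")
    # The guide asks for exact names, so flag case variants such as 'Mail'.
    wanted = {n.lower(): n for n in REQUIRED | OPTIONAL}
    for name in sorted(attrs):
        expected = wanted.get(name.lower())
        if expected and expected != name:
            problems.append(f"attribute '{name}' should be named '{expected}'")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"audience {audiences} does not include '{expected_audience}'")
    return problems

def build_sample(attributes, audience):
    """Constructed, unsigned sample response for exercising the check offline."""
    stmts = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attributes.items())
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
        '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{stmts}</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":  # constructed input with a mis-cased attribute name
    print(check_saml_response(build_sample({"Mail": "pat@example.com"}, AUDIENCE), AUDIENCE))
```

An empty list means the attribute names and audience match this guide; any other result names the field to correct in the Okta app's SAML settings.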