Set Up SAML SSO with Okta

Enterprise Single Sign-On Using Okta as an Identity Provider

Updated today

This guide walks you through configuring SAML-based Single Sign-On between Okta and BetaTesting. By the end of this process, your team members will be able to log in to BetaTesting using their Okta credentials.

Looking for SCIM provisioning too? If you also want automated user provisioning, complete this SSO guide first, then follow our Set Up SCIM with Okta guide. SCIM requires a SAML-based integration in Okta.

Prerequisites

  • Administrator access to your Okta admin console

  • An Enterprise plan on BetaTesting

  • Your BetaTesting account manager's contact information

Overview

The setup involves a back-and-forth exchange between you and BetaTesting:

  1. You create a SAML app in Okta and share the metadata with BetaTesting

  2. BetaTesting configures the connection and provides you with two values to complete the setup

  3. You update your Okta app with those values

  4. Both sides test the login


Step 1: Create a SAML Application in Okta

  1. Log in to your Okta admin console

  2. Go to Applications > Applications

  3. Click Create App Integration

  4. Select SAML 2.0 as the sign-in method

  5. Click Next

General Settings

  1. Enter an App name (e.g., BetaTesting SSO)

  2. Optionally upload an app logo

  3. Click Next

SAML Settings

For the initial setup, you'll use temporary placeholder values; BetaTesting will provide the real values later (see Step 3). Enter these temporary values:

  1. Single sign-on URL: https://placeholder.betatesting.com (you will update this in Step 3)

  2. Check Use this for Recipient URL and Destination URL

  3. Audience URI (SP Entity ID): https://placeholder.betatesting.com (you will update this in Step 3)

  4. Name ID format: Unspecified

  5. Application username: Email

Attribute Statements

Add the following attribute statements:

  Name           Value
  displayName    user.profile.displayName
  email          user.profile.email

Group Attribute Statements (for role mapping)

If you want BetaTesting to automatically assign roles based on your Okta groups:

Add a Group Attribute Statement:

  • Name: groups

  • Filter: Matches regex .*

This sends group memberships in the SAML assertion, allowing BetaTesting to map Okta groups to BetaTesting roles. See SSO Role Mapping & Permissions for details.

Click Next, then Finish

Step 2: Collect Your IdP Metadata

After creating the app:

  1. On the app's Sign On tab, click View SAML setup instructions or go to the Metadata section

  2. Collect the following three values:

  3. Send these three values to your BetaTesting account manager through a secure channel. Your account manager will provide instructions for secure transfer.

Step 3: Update Your Okta App with BetaTesting's Values

Once BetaTesting configures the connection on their side, your account manager will provide you with two values:

  • Assertion Consumer Service URL (also called the Single sign-on URL)

  • Entity ID (also called the Audience URI / SP Entity ID)

To update your Okta app:

  1. Go back to your BetaTesting SAML app in Okta

  2. Go to the General tab > SAML Settings > Edit

  3. Click Next to get to the SAML configuration screen

  4. Update:

    • Single sign-on URL: paste the Assertion Consumer Service URL from BetaTesting

    • Audience URI (SP Entity ID): paste the Entity ID from BetaTesting

  5. Click Next, then Finish

Step 4: Assign Users

Before users can log in via SSO, they must be assigned to the app in Okta:

  1. In your BetaTesting SAML app, go to the Assignments tab

  2. Click Assign > Assign to People (or Assign to Groups)

  3. Select the users or groups who should have BetaTesting access

  4. Click Assign, then Done

Step 5: Test SSO Login

Coordinate with your BetaTesting account manager to test the connection:

  1. Your account manager will provide you with an SSO login link specific to your organization

  2. Open the link in a browser (use an incognito/private window for clean testing)

  3. You should be redirected to Okta's login page

  4. Log in with an Okta user who is assigned to the BetaTesting app

  5. After authentication, you should be redirected back to BetaTesting and logged in

What to verify:

  • The user lands on the correct BetaTesting page after login

  • If this is a new user, their BetaTesting account was created automatically

  • If you configured group attribute statements, the user's role matches their Okta group membership
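
To check these points against the assertion itself, the following added example (not BetaTesting's or Okta's tooling) inspects a decoded SAML assertion captured from your own test login. The ACS URL, Entity ID, mapped group names and sample XML are constructed placeholders; the script inspects configuration only and does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PLACEHOLDER = "https://placeholder.betatesting.com"  # temporary value from Step 1

# Constructed sample: a decoded assertion as captured from a test login.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://placeholder.betatesting.com"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>urn:example:sp-entity-id</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>a@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="groups">
   <saml:AttributeValue>Admins</saml:AttributeValue>
   <saml:AttributeValue>Payroll</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, acs_url, entity_id, mapped_groups):
    """Return a list of configuration findings (empty list = nothing to fix)."""
    root = ET.fromstring(xml_text)  # input is your own capture, not untrusted XML
    findings = []
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    audience = root.findtext(".//saml:Audience", default=None, namespaces=NS)
    for label, got, want in (("Recipient", recipient, acs_url),
                             ("Audience", audience, entity_id)):
        if got == PLACEHOLDER:
            findings.append(f"{label} still uses the Step 1 placeholder")
        elif got != want:
            findings.append(f"{label} is {got!r}, expected {want!r}")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    for name in ("displayName", "email"):
        if not attrs.get(name):
            findings.append(f"attribute {name} missing")
    # The 'Matches regex .*' filter releases every group, mapped or not.
    extra = sorted(set(attrs.get("groups", [])) - set(mapped_groups))
    if extra:
        findings.append("unmapped groups released: " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    for f in check_assertion(SAMPLE, "https://sp.example/acs",
                             "urn:example:sp-entity-id", {"Admins"}):
        print("FINDING:", f)
```

An empty result means the Recipient and Audience match the values from Step 3, both attribute statements are present, and every group in the assertion has a role mapping.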

What BetaTesting Configures

For transparency, here's what the BetaTesting team sets up on their side during this process:

  1. Enterprise SAML connection - Using your IdP metadata (SSO URL, certificate, issuer), BetaTesting creates an enterprise SAML connection that establishes the trust relationship

  2. SSO connection record - Links the SAML connection to your company account, with your allowed email domain(s) and a default role

  3. Role mappings (if requested) - Maps your Okta group names to BetaTesting roles (e.g., "Admins" group -> Company Admin role). See SSO Role Mapping & Permissions

  4. Testing - BetaTesting verifies the connection works correctly before confirming setup is complete
