# How to configure SAML authentication settings in Central Server for Okta SSO? ## Description This document will walk you through the steps required to configure SAML Authentication settings in Central Server on-premises for Okta. Refer to this [site](https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/saml-authentication-with-sso-cloud.html) if you are looking to integrate Central Server cloud with Okta SSO. ## Installation Steps 1. Login to Okta. Click on **Admin** tab. Navigate to **Applications**. ![Login to Okta. Click on Admin tab.](https://www.manageengine.com/products/desktop-central/images/okta1-select-application-tab.png) 2. Click on **Create App Integration**. ![Okta Click on Create App Integration](https://www.manageengine.com/products/desktop-central/images/okta-click-on-create-app-integration.png) 3. Choose **SAML 2.0** and click on **Next**. ![Okta-Choose SAML 2.0 and click on Next](https://www.manageengine.com/products/desktop-central/images/okta-select-saml2.0.png) 4. Enter the Service Provider's name, in **App name**, that is, **Central Server**. Click on **Next**. ![Okta-Service Provider's name, in App name,](https://www.manageengine.com/products/desktop-central/images/okta-click-on-next-1st.png) 5. In **Central Server**, navigate to **Admin** tab, select **SAML Authentication**. Choose Configuration by downloading **certificate**. Copy **Entity ID** and **Assertion Consumer URL**. ![central server navigate to Admin tab, select SAML Authentication.](https://www.manageengine.com/products/desktop-central/images/okta-choose-config.png) 6. In Okta, paste the **Assertion Consumer URL** against **Single sign on URL**. Paste **Entity ID** against **Audience URI (SP Entity ID)**. ![In Okta, paste the Assertion Consumer URL against Single sign on URL](https://www.manageengine.com/products/desktop-central/images/okta-pasting-entity-id.png) 7. Click on **Next**. ![Okta click on next](https://www.manageengine.com/products/desktop-central/images/okta-click-on-next-2nd.png) 8. Choose - **I'm a software vendor. I'd like to integrate my app with Okta**. Click on **Finish**. ![Choose - I'm a software vendor. I'd like to integrate my app with Okta.](https://www.manageengine.com/products/desktop-central/images/okta-click-finish.png) 9. Navigate to **Assignments** tab. ![Okta Navigate to Assignments tab. Select Assign](https://www.manageengine.com/products/desktop-central/images/okta-navigate-to-assignments-tab.png) 10. Select **Assign**. You can choose to **Assign to People** or **Assign to Groups**. ![Okta Navigate to Assignments tab. Select Assign](https://www.manageengine.com/products/desktop-central/images/okta-assign-to-user-or-group.png) 11. Choose user or group and click on **Assign**. You can choose to **Assign to People** or **Assign to Groups**. Click on **Done**. ![Okta Choose user or group and click on Assign. You can choose to Assign to People or Assign to Groups](https://www.manageengine.com/products/desktop-central/images/okta-assign-ec-to-people.png) 12. Provide **Username** that matches with the admin > Provide user administration page details or mail address that matches with admin > User administration page. Click on **Save and Go Back**. ![Okta Assign Central Server user to Okta for login](https://www.manageengine.com/products/desktop-central/images/okta-save-and-go-back-1.png) **Note**: Domain users need to provide their details in the following format - **domain\username**. ![Edit user assignment in Okta](https://www.manageengine.com/products/desktop-central/images/okta-save-and-go-back-2.png) ![Central User Page to view emailid of user](https://www.manageengine.com/products/desktop-central/images/okta-save-and-go-back-3.png) 13. Click on **Done**. ![Okta Click on Done](https://www.manageengine.com/products/desktop-central/images/okta-after-ec-assignment-click-on-done.png) 14. Navigate to the **Sign On** tab. ![Okta Navigate to the Sign On tab](https://www.manageengine.com/products/desktop-central/images/okta-navigate-to-sign-on-tab.png) 15. Click **View IdP metadata**. Download Identity Provider metadata. ![Okta page click Veiw IDP metadata to download IDP metadata](https://www.manageengine.com/products/desktop-central/images/okta-click-on-view-idp-metadata.png) 16. In **SAML Authentication** settings of **Central Server**: Select **IdP** as **Others**. Enter **IdP name** as **Okta**. Select **Username** as **Name ID** or select **Username** as **Mail ID** w.r.t. to provided data on **Step 12**. ![SAML Authentication page choose nameid=emailid](https://www.manageengine.com/products/desktop-central/images/okta-select-username-as-name-id.png) Choose **configuration by uploading IdP metadata**. **Browse** and upload the **metadata** file. Click on **Save**. ![SAML Authentication settings page for central server](https://www.manageengine.com/products/desktop-central/images/okta-save-metadata.png) 17. In **Central Server**'s login page, choose the new option - **Login with Okta**. ![central server login page login with Okta](https://www.manageengine.com/products/desktop-central/images/okta-choose-login-with-okta.png) 18. Enter the credentials to login. ![okta login page](https://www.manageengine.com/products/desktop-central/images/okta-login-entering-credential.png)