Setting Up Single Sign-On with Okta 🔐

📣 Because this process is a bit technical, we highly recommend getting your IT team to help you with the setup.

Want to give your team one-click access to Haystack? By setting up Okta SSO, your users can log in using their existing company credentials—no extra passwords required.

Step 1: Create a New App Integration in Okta

  • Log in to your Okta Admin Dashboard.

  • Navigate to Applications > Applications in the left sidebar.

  • Click Create App Integration.

  • Select SAML 2.0 as the Sign-in method and click Next.

  • Name the app "Haystack" and upload our company logo to make it easy for your team to find.

Step 2: Configure SAML Settings

  • Single Sign-On URL: https://yoursubdomain.haystack.so/saml/consume

  • Audience URI (SP Entity ID): https://yoursubdomain.haystack.so

  • Name ID Format: Select EmailAddress.

  • Application Username: Select Email.

Click Next, select "I'm an Okta customer adding an internal app," and click Finish.

Step 3: Copy the Metadata URL

Once the app is created, Okta will take you to the Sign On tab.

  • Look for the SAML Setup section or the Metadata Details link.

  • Find the App Federation Metadata URL.

  • Copy this URL to your clipboard.

📌 Note: Do not download the XML file. Using the URL is much safer as it prevents manual formatting errors and ensures your connection stays updated.

Step 4: Complete the Setup in Haystack

Now, jump back over to Haystack to bridge the connection.

  • Go to your Haystack Admin Console and select User Provision and Login.

  • Scroll to the SSO section and paste the link you copied into the IDP Metadata URL field. 

⚠️ Important: Ensure the Metadata XML field is left completely empty.

  • Why? Providing both can cause configuration conflicts. Additionally, pasting XML manually can sometimes introduce "hidden characters" (like non-breaking spaces) that will cause the connection to fail.

  • Click Save.

Troubleshooting

If your team encounters errors while logging in:

  • Check the XML field: Ensure no stray characters or spaces were left in the Metadata XML box in Haystack.

  • Verify Subdomain: Ensure the "yoursubdomain" part of the URLs in Okta matches your Haystack workspace exactly.
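The two troubleshooting checks above can be scripted before anything is saved. The following is an added example, not Haystack or Okta code: it flags invisible characters in a pasted value and compares the Okta fields against the URL patterns from Step 2. The function names and the "acme" subdomain are assumptions made for illustration.

```python
import unicodedata

def find_hidden_chars(text):
    """Return (index, code point, name) for characters that render blank or
    invisible: non-ASCII spaces (NBSP), format characters (zero-width space,
    BOM) and control characters other than tab/newline."""
    hits = []
    for i, ch in enumerate(text):
        cat = unicodedata.category(ch)
        odd_space = cat == "Zs" and ch != " "
        control = cat == "Cc" and ch not in "\t\n\r"
        if odd_space or cat == "Cf" or control:
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits

def check_okta_values(subdomain, sso_url, audience_uri):
    """Compare the values entered in Okta with the Step 2 patterns.
    The comparison is exact, including letter case."""
    base = f"https://{subdomain}.haystack.so"
    fields = {
        "Single Sign-On URL": (sso_url, base + "/saml/consume"),
        "Audience URI": (audience_uri, base),
    }
    problems = []
    for label, (actual, want) in fields.items():
        for idx, code, name in find_hidden_chars(actual):
            problems.append(f"{label}: hidden {code} ({name}) at index {idx}")
        if actual != actual.strip():
            problems.append(f"{label}: leading or trailing whitespace")
        if actual.strip() != want:
            problems.append(f"{label}: expected {want!r}, got {actual!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample: the Audience URI was pasted with a trailing
    # non-breaking space, the kind of character that is invisible in a form.
    for line in check_okta_values(
        "acme",
        "https://acme.haystack.so/saml/consume",
        "https://acme.haystack.so\u00a0",
    ):
        print(line)
    # Constructed sample: text pasted into the Metadata XML box with a BOM.
    print(find_hidden_chars("\ufeff<EntityDescriptor/>"))
```

An empty list from `check_okta_values` means both fields match the expected pattern; `find_hidden_chars` can also be run on whatever sits in the Metadata XML box to confirm the field is truly empty.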


Keywords: Okta, SAML, SSO, single sign-on, IT, admin, authentication, configuration, IDP Metadata.