Valigov Enforce supports integration with Identity Providers (IdP) that support the XML-based Security Assertion Markup Language (SAML) 2.0 protocol. Okta is one such provider that supports a custom integration.


Configuring Valigov Enforce with Okta is a two-step process. Step 1 involves working within Okta to configure Enforce as an app. Step 2 involves working within Enforce.


Step 1: Okta Configuration

Follow the steps outlined in Okta's SAML app integration guide


When you get to "Task 3", you'll need the following information:

Attribute NameValue
Single Sign On URLhttps://app.valigov.com/sso/consume
Recipient URLhttps://app.valigov.com/sso/consume
Destination URL (Same as Recipient)https://app.valigov.com/sso/consume
Audience URI (SP Entity ID)https://app.valigov.com
Default RelayStateleave blank
Name ID FormatThis should be in the form of an email address.



Group Attribute Statements: Enforce expects some additional user information to be passed by Okta, these are:

NameName FormatValue
FirstNameUnspecifiedThe user's first name
LastNameUnspecifiedThe user's last name


⚠️ Note: the attribute names above are case-sensitive

Continue with Task 4 and 5.

Step 2: Valigov Enforce Configuration

1. Obtain the IdP Metadata file from Okta in Task 5, step 3. 


⚠️SSO testing will fail unless you have also added to Valigov Enforce any users who should have access. Ensure users have already been added in Valigov Enforce under Account Settings.


2. In a new browser tab/window, go to https://app.valigov.com and login to Valigov with your username and password.


3. Click on your account name and click Account Settings.


4. In the Authentication section, click the Setup button.


5. In the Single Sign-on Configuration section, scroll down to the IDP Metadata File section and click the Choose File button. Locate the XML file you saved and upload it.

6. Then clickat the bottom of the page.


7. Testing IdP-initiated SSO (make sure users are provisioned to the app in Okta): Open up a private/incognito window in your browser and go to Okta's login portal, login with your SSO credentials, locate and then launch the Valigov Enforce custom app. If SSO was successful, you'll arrive at the Valigov Enforce home page for your account.


8. Testing SP-initiated SSO: Open up a private/incognito window in your browser and go to https://app.valigov.com and enter your Okta username (email address). You will see the following message -- click Sign in with SSO. You will then be taken to Okta's login screen and the IdP-initiated login flow. If SSO was successful, you'll arrive at the Valigov Enforce home page for your account.