Configuring Okta SSO

Before proceeding with the configuration of Google SSO, please ensure that you read our SSO Best Practices Guide.


Part 1 - Getting your Gatekeeper tenant ready to Configure & Test

Step 1) Navigate to Settings > Configuration > Authentication

Step 2) Change your settings to 🔘 Allow All Authentication Methods

Step 3) Hit ✅ Save


Do not select 🔘 Require Okta Single Sign on yet 🤚

Without configuring & testing this setting, you may lock yourself out of your Gatekeeper tenant!

If you have done this and locked your tenant - inform our Support team here



Part 2 - Configuring Okta

Step 1) Sign in to the Okta Admin Dashboard

Step 2) Create Gatekeeper as a new Application


Step 3) Go to the Sign On tab of the Gatekeeper app, then enter the Base URL

To get your Gatekeeper Base URL, take the url when logged into your environment (minus any page-specific extensions)

Step 4) Hit Save

View Okta's Guidance here and navigate to Step 4 to view more details


SP-initiated flows and IDP-initiated flows are supported.

Just In Time (JIT) provisioning is not supported.


Part 3 - Configuring Gatekeeper

Step 1) While in Settings > Configuration > Authentication, hit Configure Okta

Step 2) Enter the variables obtained from Okta as below:

Application ID: This is the ID component of the URL generated in your Okta Admin Dashboard

For example,

If Okta Displays ""

Use "exk18o312mrXCbUs21d8" as the Application ID in Gatekeeper 

Identity Provider Single Sign-On URL &  X.509 Certificate: These values should also be obtained via your Okta Admin Dashboard

Step 3) Hit ✅ Save


Part 4 - Test the new SSO Connection

Step 1) Log out of Gatekeeper

Step 2) On the login screen, choose Okta

Step 3) Enter your credentials & sign in


    If you configured the application correctly, you should be able to log in!

    You can also check if other users have been able to log in successfully via Okta by checking their login history:

    To find this, go to Settings > Users, click on a user's Name then go to the Logins tab


    Part 5 - Restrict access to only allow Okta SSO

    When you have successfully tested Okta SSO, you can restrict access to only allow Okta as a login method

    Step 1) Navigate to Settings > Customisations > Authentication

    Step 2) Select 🔘 Require Okta Single Sign On (SSO)

    Step 3) Hit ✅ Save

    You can now communicate to your users that only Okta will work as a login method from here onwards 👍


    NB. If communicating with a Customer Success Manager or Support Agent from Gatekeeper, even they will not be able to bypass this SSO setting

    So if you wish to allow them to access your Gatekeeper environment, you will need to:

    a) Add them as a guest to your Okta Active Directory


    b) Consider temporarily setting your tenant to 🔘 Allow all authentication methods to allow them to log in via other authentication methods


    Note. Access to the Employee Portal and Vendor Portal remain via username and password when SSO authentication is set.