SAML SSO using Okta

Updated 1 week ago by Andrew White

Spoke is excited to offer an integration with Okta. Spoke's SAML integration relies on a user level token. To insure consistent delivery of SAML services, Spoke best practices recommend using an admin service account such as to complete this integration.

Supported Features

The Okta/Spoke ( SAML integration currently supports the following features:

  • SP-initiated SSO
  • IdP-initiated SSO
  • JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

For Spoke-specific SAML best practices, make sure you read the Before you Begin section.

Before you begin 

  • Assign the app to yourself in Okta for testing first.
  • Only Spoke Admins have the superpowers to enable SAML for the organization.
  • After SAML is enabled, all non-admin members in Spoke must log in with SAML. Admins who have not setup a password will be prompted by a banner in the web app. Admins can still log in with a password as needed.
  • Because the SSO setup will log out all users and admins, it’s best to setup SAML when there are few users logged in. Whether it be before launch, or outside of business hours.
  • Spoke offers just in time provisioning. This means that if a user logs into Spoke for the first time using SSO, an account will automatically be created.

Configuration Steps

Log into Spoke and navigate to the Integrations menu.

  1. Navigate to Settings
  2. Select the Integrations Menu
  3. Find the SAML tile and choose Connect

Copy the following fields from your Okta setup page into the Spoke Settings/SAML Page.

  1. Sign on URL
  2. Issuer
  3. Public certificate
  4. Press Test SAML connection

Once the test is completed, you can push Enable SAML

Uncheck the checkbox if you don't want to email notifications of SAML being enabled to your team.


  • Make sure that you entered the correct value in the Subdomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Spoke.
  • The following SAML attributes are supported:
    • Name










SP-initiated SSO

  1. Go to: https://[your-subdomain]
  2. Enter your email, then click the arrow icon:
  3. Click Log in with SSO:

How did we do?

Powered by HelpDocs