This guide walks you through integrating Okta Single Sign-On with Axya. Once configured, your users can log in to Axya using their existing Okta credentials.
Send the following information to Axya's security team at security@axya.co:
| Information | Description |
|---|---|
| User domain name | The email domain used for SSO (e.g., user@yourcompany.com) |
| Metadata URL | The Okta SAML metadata URL for the application (preferred), or provide the three items below manually |
| SSO URL | The Identity Provider Single Sign-On URL from Okta |
| Entity ID / Issuer | The Identity Provider Issuer value from Okta |
| X.509 Certificate | The signing certificate downloaded from Okta |
| Test account | A test user with valid Okta credentials for Axya to validate the SSO flow |
| Information | Description |
|---|---|
| User domain name | The email domain used for SSO (e.g., user@yourcompany.com) |
| Client ID | The Client ID assigned to the Axya application in Okta |
| Client Secret | The Client Secret generated for the Axya application |
| Okta domain | Your Okta organization URL (e.g., yourcompany.okta.com) |
| Test account | A test user with valid Okta credentials for Axya to validate the SSO flow |
If you selected SAML 2.0 in Step 1:
| Name | Value |
|---|---|
email |
user.email |
firstName |
user.firstName |
lastName |
user.lastName |
If you selected OIDC in Step 1:
yourcompany.okta.com).Important: Only users assigned to the application (directly or via a group) will be able to log in to Axya through SSO.
Email the following to security@axya.co:
For SAML 2.0:
For OIDC:
The Axya security team will configure the SSO connection and provide the ACS URL, Entity ID, or Redirect URI if not already shared.
"User is not assigned to this application" error
The user attempting to log in has not been assigned to the Axya application in Okta. Complete Step 3 above to assign the user or their group.
"Invalid redirect URI" or "No matching redirect URI" error
The Redirect URI (OIDC) or ACS URL (SAML) configured in Okta does not match what Axya expects. Contact security@axya.co to confirm the correct value.
"Bad Request — Invalid SAML Response" error
The Name ID format or attribute mappings may be incorrect. Verify that the Name ID format is set to EmailAddress and that the attribute statements are configured as described in Step 2A.
SSO works for some users but not others
Unaffected users are likely not assigned to the Axya application in Okta. Check the Assignments tab and ensure all relevant users or groups are assigned.
Note: This guide covers the general Okta SSO setup. Configuration steps may vary depending on your Okta plan and organizational policies. Refer to the official Okta documentation for the most current instructions.
For assistance, contact the Axya security team at security@axya.co.