SAML SSO with Okta

Configure SAML SSO with Okta

This guide walks through setting up SAML single sign-on between Okta and Screendesk. After completing these steps, your team members can log in to Screendesk using their Okta credentials.

Plan Availability: Enterprise only

Before starting, make sure you have admin access to both the Okta Admin Console and your Screendesk workspace. You will also need your Screendesk service provider details — find them in Account Settings → Security → SAML SSO.


Configuration Overview

Setting up SAML SSO with Okta involves creating a SAML app integration in the Okta Admin Console, configuring the SAML settings, and then entering Okta's IdP details in Screendesk.

You will need these Screendesk values for the Okta side:

| Screendesk Field | Value |
| --- | --- |
| Single sign-on URL | https://app.screendesk.io/saml_callback |
| Audience URI (SP Entity ID) | urn:screendesk.io:saml |


Step 1 — Create a SAML App Integration in Okta

1. Open the Okta Admin Console

Sign in to your Okta organization and open the Admin Console. Navigate to Applications → Applications.

2. Create a new app integration

Click Create App Integration. Select SAML 2.0 as the sign-in method and click Next.

3. Name the app

Enter Screendesk as the app name. Optionally upload the Screendesk logo. Click Next.

4. Configure SAML settings

On the Configure SAML screen, enter the following:

General:

| Field | Value |
| --- | --- |
| Single sign-on URL | https://app.screendesk.io/saml_callback |
| Use this for Recipient URL and Destination URL | Checked |
| Audience URI (SP Entity ID) | urn:screendesk.io:saml |
| Default RelayState | Leave blank |
| Name ID format | EmailAddress |
| Application username | Email |

Attribute Statements:

| Name | Name format | Value |
| --- | --- | --- |
| email | Unspecified | user.email |
| first_name | Unspecified | user.firstName |
| last_name | Unspecified | user.lastName |

Click Next.

5. Complete the feedback step

On the Feedback screen, select I'm an Okta customer adding an internal app and click Finish.

6. Copy the Okta IdP details

After the app is created, go to the Sign On tab and scroll down to the SAML Signing Certificates section. Find the active certificate and click Actions → View IdP metadata.

Alternatively, use the values shown under SAML 2.0 in the Sign On tab:

  • Sign on URL (or Identity Provider Single Sign-On URL) — Copy this. You will paste it as the Single Sign On URL in Screendesk.

  • Issuer (or Identity Provider Issuer) — Copy this. You will paste it as the IDP Entity ID in Screendesk.

  • Signing Certificate — Click Download certificate. You will paste its contents as the IDP Certificate in Screendesk.

You can also find these values by clicking View SAML setup instructions under the Sign On tab, which provides all three values on a single page.

7. Assign users to the app

Go to the Assignments tab and click Assign. Assign the app to individual users or groups who should have access to Screendesk.

Step 2 — Configure Screendesk

1. Open SAML SSO settings

In Screendesk, go to Account Settings → Security → SAML SSO and click Edit SAML SSO Settings.

2. Enter the Okta IdP details

Using the values you copied from the Okta Admin Console in Step 1:

| Screendesk Field | Value from Okta |
| --- | --- |
| SSO Domain | Your company's email domain (e.g., yourcompany.com) |
| IDP Entity ID | The Issuer (Identity Provider Issuer) |
| Single Sign On URL | The Sign on URL (Identity Provider Single Sign-On URL) |
| IDP Certificate | The contents of the downloaded certificate file. Open it in a text editor and paste the full text, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. |

3. Save the configuration

Click Save Changes.


Step 3 — Test the Connection

1. Test from Okta

In the Okta Admin Console, go to the Screendesk app's General tab and click Test SAML login. This opens a new window and attempts a full SAML login.

2. Test from the Screendesk login page

Open an incognito window, go to the Screendesk login page, click Sign in with SAML SSO, and enter an email address that belongs to your SSO domain. You should be redirected to Okta's login page and then signed in to Screendesk.


Optional — SCIM Provisioning with Okta

Okta supports SCIM 2.0 for automatic user provisioning. Once configured, Okta can create, update, and deactivate Screendesk user accounts based on app assignments.

1. Enable SCIM provisioning in Okta

On the Screendesk app in Okta, go to the General tab and click Edit. Change Provisioning to SCIM and click Save.

2. Configure the SCIM connection

Go to the Provisioning tab and click Edit under SCIM Connection:

| Field | Value |
| --- | --- |
| SCIM connector base URL | https://app.screendesk.io/api/v2/scim |
| Unique identifier field for users | userName |
| Supported provisioning actions | Push New Users, Push Profile Updates, Push Groups (optional) |
| Authentication Mode | HTTP Header |
| Authorization | The SCIM Token from your Screendesk SAML SSO settings |

Click Test Connector Configuration to verify, then click Save.

3. Enable provisioning actions

Under Provisioning → To App, click Edit and enable:

  • Create Users

  • Update User Attributes

  • Deactivate Users

Click Save.


Troubleshooting

"SAML Authentication failed" error

This usually means the SAML response signature could not be verified. Check the following:

  • The IDP Certificate in Screendesk matches the certificate downloaded from Okta. Make sure you pasted the full PEM text including header and footer lines.

  • The Single sign-on URL in Okta matches https://app.screendesk.io/saml_callback exactly.

  • The Audience URI in Okta matches urn:screendesk.io:saml exactly.

  • Make sure the signing certificate in Okta is Active (not expired or inactive).
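The checks in this list can be run against a captured login: the sketch below decodes the base64 SAMLResponse form field posted to the callback URL and compares it with the values from this guide. It is an added example, not Screendesk or Okta code; the function names are hypothetical, the sample response is constructed, and it assumes the response embeds its signing certificate in a ds:X509Certificate element.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
# Expected values, taken from the tables in this guide.
ACS_URL = "https://app.screendesk.io/saml_callback"
AUDIENCE = "urn:screendesk.io:saml"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ATTRS = {"email", "first_name", "last_name"}
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_text):
    """SHA-256 of the certificate bytes, from PEM text or a bare base64 body."""
    body = "".join(l for l in cert_text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def check_response(saml_response_b64, idp_cert_pem):
    """List mismatches with this guide's settings. Diagnostic only: no signature check."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml:
        raise ValueError("unexpected DTD in SAML message")
    root, problems = ET.fromstring(xml), []
    def attr(path, name):
        return next((n.get(name) for n in root.iterfind(path, NS)), None)
    def expect(label, actual, wanted):
        if actual != wanted:
            problems.append(f"{label}: got {actual!r}, expected {wanted!r}")
    expect("Destination", root.get("Destination"), ACS_URL)
    expect("Recipient", attr(".//a:SubjectConfirmationData", "Recipient"), ACS_URL)
    expect("Audience", root.findtext(".//a:Audience", "", NS).strip(), AUDIENCE)
    expect("NameID Format", attr(".//a:Subject/a:NameID", "Format"), EMAIL_FORMAT)
    missing = ATTRS - {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    if missing:
        problems.append(f"missing attributes: {sorted(missing)}")
    embedded = root.findtext(".//ds:X509Certificate", "", NS)
    if fingerprint(embedded) != fingerprint(idp_cert_pem):
        problems.append("embedded certificate missing or different from IDP Certificate")
    return problems

# Constructed sample: simplified, unsigned, placeholder certificate bytes (not from Okta).
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
def sample(audience=AUDIENCE):
    attrs = "".join(f'<a:Attribute Name="{n}"/>' for n in sorted(ATTRS))
    return base64.b64encode((
        f'<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:a="{NS["a"]}" '
        f'xmlns:ds="{NS["ds"]}" Destination="{ACS_URL}">'
        f'<ds:X509Certificate>{CERT_B64}</ds:X509Certificate><a:Assertion><a:Subject>'
        f'<a:NameID Format="{EMAIL_FORMAT}">user@yourcompany.com</a:NameID>'
        f'<a:SubjectConfirmationData Recipient="{ACS_URL}"/></a:Subject>'
        f'<a:Audience>{audience}</a:Audience>{attrs}</a:Assertion></p:Response>'
    ).encode())
```

Call check_response with the captured SAMLResponse value and the PEM text pasted into the IDP Certificate field; an empty list means every compared field matches this guide.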

Okta shows "app not assigned" error

The user trying to log in has not been assigned to the Screendesk app in Okta. Go to the Assignments tab and add the user or their group.

SCIM provisioning fails

  • Verify the SCIM Token in Okta matches the token shown in your Screendesk SAML SSO settings.

  • Confirm the base URL is https://app.screendesk.io/api/v2/scim (not /scim/Users).

  • Check that the Authentication Mode is set to HTTP Header.

New users get "Ask your IT administrator" message

This means Automatic account creation is turned off in your Screendesk SAML settings. Either enable it in Account Settings → Security → SAML SSO, or use SCIM provisioning to create user accounts before they try to log in.
