How to configure SAML 2.0 SSO with Okta ?

Jennifer Biscoe

04 March 2026 13:52

SAML 2.0 authentication allows members of your organization to access all the Scaleflex VXP and Portals using using single sign-on (SSO).

The Scaleflex VXP also support SCIM provisioning of users and groups from Okta. See How to configure SCIM 2.0 provisioning with Okta ?

Prerequisites

Okta IAM administrator access
Scaleflex VXP Administrator access
SAML 2.0 SSO is included in any VXP license

Supported features

The Okta/Scaleflex (VXP, Portals) SAML integration supports:

IdP-initiated SSO
SP-initiated SSO
SP-initiated SLO

Configuration steps

In the Scaleflex VXP Hub, navigate to Settings > Organisation > General
In the Access Management section, click on the Add Connection button:
Copy the values for the ACS URL and Audience URL.
In Okta, navigate to Applications > Applications and click on Create App Integration:
Select SAML 2.0 and click Next:
Name the application and optionally upload the Scaleflex logo:
Paste the values from step 3 as shown below and select the Name ID format to be EmailAddress:
Save the SAML integration and copy following values from the Sign On tab:
Back to the VXP Hub, paste the values as shown below:
Enter the list of email domains that should trigger SSO (separate them with comma if your organization has users with different email domains):
Save the configuration and make sure the toggle is on.
Back to Okta, assign the application previously created to Okta Users or Groups under the Assignments tab:
Existing VXP Hub or Portal users will start authenticating through SSO via Okta when typing their email address in the login form.
New users must be invited to join the VXP from Settings > Organisation > Users before they can SSO into the Hub or Portals via Okta:

Note: the VXP username needs to match the user's email address in Okta for SSO to function.