SAML SSO Setup with Okta
This guide explains how to configure SAML 2.0-based Single Sign-On (SSO) between Okta and Fairjungle.
Once set up, users can log in to Fairjungle securely using their Okta credentials, streamlining access and improving security.
Prerequisites
Before you begin, make sure you have:
- Admin access to Okta
- Admin access to Fairjungle
- Fairjungle's SAML metadata or ACS (Assertion Consumer Service) URL
- Your organization's domain verified in Fairjungle (required for SSO)
If you don’t have the SAML details from Fairjungle yet, contact Fairjungle Support.
Step 1: Create a New SAML App in Okta
- Log in to the Okta Admin Console
- Go to Applications > Applications
- Click Create App Integration
- Choose:
- Sign-in method: SAML 2.0
- Click Next
Step 2: Configure the SAML Settings
General Settings
- App name:
Fairjungle - (Optional) Upload Fairjungle logo for easy identification
Click Next.
SAML Settings
Fill in the following:
-
Single sign-on URL:
Provided by Fairjungle
e.g.https://app.fairjungle.com/sso/saml/acs -
Audience URI (SP Entity ID):
Provided by Fairjungle
e.g.https://app.fairjungle.com/sso/saml/metadata -
Name ID format:
EmailAddress -
Application username:
Email
Attribute Statements (Optional but Recommended)
You can send additional user attributes via SAML:
| Name | Name format | Value |
|---|---|---|
firstName | Unspecified | user.firstName |
lastName | Unspecified | user.lastName |
email | Unspecified | user.email |
Click Next to proceed.
Step 3: Finish Setup and Assign Users
- Review the configuration summary
- Click Finish to create the app
- Go to the Assignments tab
- Assign the Fairjungle app to appropriate users or groups
Step 4: Send Metadata to Fairjungle
To complete the setup on Fairjungle’s side:
- Navigate to the Sign On tab in the Okta app
- Scroll to SAML Signing Certificates
- Click Actions > View IdP metadata
- Copy the metadata URL or download the XML file
Send this metadata to Fairjungle Support or your Fairjungle account manager. They will complete the configuration and notify you when SSO is live.
Optional: Enforce SSO Login in Fairjungle
If you want to require users to log in only via SSO:
- Fairjungle can restrict login for users under a specific domain (e.g.
@yourcompany.com) - Contact support to enable this enforcement policy
Troubleshooting Tips
- Make sure user email addresses in Okta match those in Fairjungle
- Double-check that assigned users have access to the app in Okta
- Use Okta’s SAML Tracer or system log to debug failed login attempts
- Confirm with Fairjungle that your domain is verified and linked to your SSO configuration