Skip to main content
Skip table of contents


SAML SSO works by transferring the user’s identity from one place (the identity provider) to another (the service provider). This transfer is done through an exchange of digitally signed XML documents. Sectona PAM uses Okta SAML Authentication to allow access for their users. This section covers:

Before you begin

  • The user should admin access to the Okta developer portal.

  • The user must also have admin access to Sectona PAM.

Configuring Okta SAML Authentication

To configure SAML authentication for Okta with Sectona PAM instance, follow the below-mentioned steps:

Configuring Okta Developer Account 

  • Log in to Okta developer account as admin.

  • Go to Applications → Applications → Create New App

  • Select “SAML 2.0” and then click Create.

  • Enter a suitable name for your app and click on enter.

  • Configure the following fields in the app and click on Next:

    • SSO URL: ‘URL where your PAM is installed.’

    • Entity ID: Provide a random unique String combination as your Entity ID. It will help t to create a unique identity for your SAML App configuration and avoid duplicate entries.

    • Name ID: Select Email Address from the drop-down list

    • Application username: Select Email from the drop-down list

  • Select the appropriate option suited best for your identity with Okta and click on Finish.

  • We can then view and download the configuration metadata by clicking on “Identity Provider Metadata.” 

Adding Users in Okta

  • Go to Applications → Applications.

  • Click on the arrow beside the app that you had created and then click on Assign to Users.

  • Click on add a user and fill in the required details and click on Save.

Configuring Sectona for Okta SAML Authentication

  • Login to System and select Platform Configuration from the product navigator.

  • Select AD & Directory Store under the Authentication section→ Click on add Ad & Directory Store.

  • Fill in the following details:

    • Directory Name: Provide a suitable name 

    • Authentication Type: Select ‘Generic SAML’ from the drop-down list

    • Directory Store Type: Select ‘SAML’ from the drop-down list

    • Issuer: Provide the URL where your PAM is installed

    • Logon URL: This is present in the metadata file. You will find two SingleSignOnService Location tags in the metadata file. Choose the URL which is distinctive for the HTTP-POST method. Copy that URL and paste it into this field.

    • Logon Binding: This will be auto-filled in PAM 

    • Open your metadata file. Copy the text present in <ds:X509Certificate> tag. Paste it in a notepad and save it as a .crt file. Upload that file as the certificate file and then click Save.

  • Go to User Management section → User → Assign the created directory store to the user to complete the configuration.

To view the Logon with Okta SAML option on login page of the system then select Platform Configuration from the product navigator, go to System → System Defaults → User Logon Show SAML Option → Set the config value as 1.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.