Unified SSO for Okta

👍

Welcome note

Unified login is in the process of being applied to all users throughout September 2025.

Access the pre-existing documentation here: Administration.

Unified single sign-on (SSO) authentication for Okta enables your team to access Bloomreach using their existing company credentials (linked with Okta).

This guide walks you through configuring Okta as your identity provider using SAML 2.0 authentication.

Prerequisites

Before configuring SSO for Okta, ensure you have:

  • Admin role in Bloomreach.
  • Admin access to Okta identity provider.
  • Active SSO feature on your account (contact your Customer Success Manager for activation).
  • User email addresses that can receive verification emails.

Configure Okta SSO

To enable Okta as your identity provider for Bloomreach authentication, you need to set up a SAML 2.0 app integration in your Okta dashboard. You’ll be switching between Okta and Bloomreach to complete the setup:

  1. Okta: Create the integration app (Step 1).
  2. Bloomreach: Enable SSO in Bloomreach (Step 2).
  3. Okta: Configure the SAML settings and get the metadata URL (Steps 3-4).
  4. Bloomreach: Complete the configuration (Step 5).

📘

Note

Each step in the procedure builds on the previous step and assumes that it has been completed.

Step 1: Create application integration

Access your Okta administration dashboard and follow these steps:

  1. Go to Applications.
  2. Click Create App Integration.
Okta Applications dashboard with Create App Integration button highlighted.

Create new app integration in Okta.

  3. Select SAML 2.0 as the sign-in method.
  4. Click Next.
  5. Set the application name and icon.
  6. Click Next.
Okta Create new app integration dialog with SAML 2.0 option selected.

Select SAML 2.0 as a sign in method.

Step 2: Enable SSO and get configuration data

Switch to Bloomreach to enable the SSO and get the required configuration values:

  1. Go to Administration > Settings > Single sign-on > Preferences.
  2. Enable the Single sign-on integration toggle.
  3. Click Show configuration in the Service provider metadata section.
Bloomreach SSO settings with Single sign-on integration toggle and Show configuration button highlighted.

Enable SSO and get configuration data in Bloomreach.

The Service Provider Configuration window displays the values you need. Keep this window open as you'll need the Single Sign-On URL and Entity ID values from it in the next step when you return to Okta.

Bloomreach Service provider configuration showing Single Sign-On URL and Entity ID fields highlighted.

Okta SSO values needed for Bloomreach integration.

Step 3: Configure SAML settings

Return to Okta and configure the SAML settings:

  1. Copy the single sign-on URL from Data hub.
  2. Paste it into the single sign-on URL field in Okta.
  3. Copy the Entity ID from Data hub.
  4. Paste it into the Audience URI (SP Entity ID) field in Okta.

Configure these additional settings in Okta:

| Setting | Value |
|---|---|
| Name ID format | EmailAddress |
| Application username | Email |

In the Attribute Statements section, add three attributes:

| Name | Name format | Value |
|---|---|---|
| email | Basic | user.email |
| first_name | Basic | user.firstName |
| last_name | Basic | user.lastName |

Okta SAML Settings page showing General settings and Attribute Statements configuration fields.

SAML settings in Okta.

📘

Note

Add a phone attribute (optional) if you have phone data available (for example, using user.primaryPhone attribute).

Click Next. Okta displays a feedback form asking how you'll use this integration. You can provide feedback or skip this step. It doesn't affect your configuration.

Step 4: Get metadata URL

Get the metadata URL from Okta:

  1. On the Application settings page, go to the Sign On tab.
  2. Scroll to SAML Signing Certificates.
  3. Find the active certificate.
  4. Click Actions > View IdP metadata.
Okta SAML Signing Certificates section with Actions dropdown and View IdP metadata option highlighted.

Get metadata URL from Okta.

  5. Copy the URL from your browser's address bar to the clipboard.
Browser address bar showing Okta metadata URL.

Copy the URL.

Step 5: Complete the configuration

Finish the configuration in Bloomreach:

  1. Go to Administration > Settings > Preferences.
  2. Paste the URL into the Metadata URL field under Identity provider metadata.
  3. Click Apply URL.

Verify that the metadata contains a valid SSO URL and that the encryption/signing certificates haven't expired.

Bloomreach Identity provider metadata configuration with metadata URL and certificate details highlighted.

Paste the metadata URL to Bloomreach settings.

  4. Click Save changes.
  5. Navigate to Administration > Settings > Security > Authentication settings.
  6. Enable single sign-on as an allowed authentication method.
  7. Optional: To require all users to use SSO (and prevent email/password login), disable Email and Social authentication methods. Ensure the SSO is working before enforcing this step.
  8. Click Save changes.
Bloomreach Authentication settings with Single sign-on checkbox highlighted.

Enable SSO login method.

All users you assign to the application in Okta can now log in to the Bloomreach application and access their subscribed Bloomreach products using Okta SSO.

Next steps

  1. Assign users to the application in Okta.
  2. Assign user roles via SSO (see Unified SSO authorization for Okta).
  3. Test the SSO login with a test user.
  4. Communicate the change to your team.