DX supports IdP- and SP-initiated Okta SAML 2.0 authentication, as well as SCIM directory sync.

Navigate to the SAML SSO admin settings in DX to obtain:

From the Okta admin portal, create a new SAML 2.0 app integration.
​

In the "General Settings" step, enter "DX" as the App name and upload the DX application icon.

In the "Configure SAML" step, enter the single sign-on URL and Audience URI from step one. In addition, select EmailAddress as your Name ID format.

In the final step, mark your integration as an internal app and then enter your Metadata URL here. Once entered, click update to apply the changes. You may opt to only allow authentication through Okta or still allow other forms of password-less authentication and single sign-on.

User metadata such as manager, start date, and GitHub/GitLab usernames can be imported via Okta SCIM. To enable this, please contact your DX Account Representative.

Before getting started, we highly recommend exporting your current user data in case Directory Sync is mis-configured and updates user attributes incorrectly. To export your user data, go to the User CSV import page and click "Export CSV" in the upper right-hand corner.

1. Go to the Directory Sync settings page in DX, and click "Enable". This will take you to the WorkOS portal. From there, choose "Okta" as your directory provider and follow the step-by-step instructions to create your Okta App for DX.

When you get to the "Set up Attribute Mapping" step, you will need to configure the Okta App's profile with custom attributes.

1. There are some default attributes that should be left as-is. The following attributes should be left unedited so DX can correctly identify users via email and keep user names up-to-date.

2. To sync start dates, manager emails, GitHub usernames, and GitLab usernames, create custom attributes by clicking "Go to Profile Editor" from the "Provisioning" tab in the Okta App.

3. From the Profile Editor, click "+ Add Attribute".

4. To sync custom user attributes, prefix the "External name" value with "tag_". In the example below, DX would create and sync a new user tag called "Seniority". Use underscores to denote more spaces (e.g. tag_Shirt_Size will become "Shirt Size" in DX).

5. Once your attributes are added, click "Mappings" from the Profile Editor to configure how the values are populated. After this, you can continue through the rest of the WorkOS steps.

Currently, user provisioning is not supported - DX only updates existing user attributes. At this point, your Okta App's Attribute Mappings should look something like this.

Follow the rest of the step-by-step instructions to complete the directory sync setup. When you are done, you should see the directory sync marked as connected in DX. The directory sync runs automatically each night. If you'd like to run an immediate directory sync after initial setup, please contact support.

This indicates that there are no groups or users assigned to the Okta app. Go to the "Assignments" tab in Okta and add a group or set of users you want to sync with DX.

If a custom field is not syncing, check that the Okta field has its External namespace set to urn:ietf:params:scim:schemas:core:2.0:User. Once the field configuration is updated, click the "Force sync" button within Okta.