# Okta Configuration

{% hint style="info" %}
For a 100% cloud-based integration with Okta, see [Keeper SSO Connect Cloud](https://docs.keeper.io/sso-connect-cloud)
{% endhint %}

### Okta SSO Configuration

Login to the Admin section of the Okta portal.

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2JOzVB-Njmj7e46yY%2F-LU2JXmQGdc0RnkQmjGO%2Fsso-step-73b.png?alt=media&#x26;token=bcae02f1-de51-40a8-b1b6-fe723696ebb3" alt=""></div>

Select **Admin**

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2JOzVB-Njmj7e46yY%2F-LU2JgfiBBp1xLb1QCBr%2Fsso-step-74b.png?alt=media&#x26;token=a5186b9c-9a77-4ba8-bb8f-f0e94d75d3bb" alt=""></div>

Select the **Applications** tab and select **Applications**.

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2JwMn2Hyxg_o_I_U7%2F-LU2KXZUVJLxuMiQ_lUZ%2Fsso-step-75b.png?alt=media\&token=cde46ff2-c93e-4bd6-9edf-0c3bbd9aca8e)

Next, select the **Add Application** button.

<div align="left"><img src="https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2JwMn2Hyxg_o_I_U7%2F-LU2KpRXQqlGKmelB0H-%2Fsso-step-76b.png?alt=media&#x26;token=448ef4ea-f452-4225-a66f-4dc437dd97d2" alt=""></div>

In the application search field, type **Keeper Password**, and then select the **Add** button for the Keeper Password Manager and Digital Vault Application.

![Add Keeper Password Manager](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LowM2jZP6EHmo3F7UmI%2F-LowM6nv-W6jeG49yGEq%2FScreen%20Shot%202019-09-16%20at%204.15.26%20PM.png?alt=media\&token=1e09a4bc-f9de-4a3a-a8da-559dd216e927)

On the General Settings page, Enter the Entity ID from your Keeper SSO Connect server: (i.e. <https://DOMAIN:8443/sso-connect> where **DOMAIN** is the server name or IP address of your Keeper SSO Connect application ). Then select the **Done** button.

![Add Server Base URL](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LowM2jZP6EHmo3F7UmI%2F-LowMR1SVO41LZQ9sXi5%2FScreen%20Shot%202019-09-16%20at%204.16.51%20PM.png?alt=media\&token=ed7636c3-6b3a-4b50-9841-2eadfd5d17fd)

Add users or groups on the **Assignments** page. (This step can be skipped and returned to after setup is complete.)-

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2JwMn2Hyxg_o_I_U7%2F-LU2LfAIfgHz7tyCAZDr%2Fsso-step-79b.png?alt=media\&token=11654871-dbd4-4c94-b83c-504e7b0ef0a2)

Next, select the **Sign On** tab.

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LlEV0oIylPTavfPgeJA%2F-LlEVbmbSaoM4juXPg8K%2Fokta_3.png?alt=media\&token=ceaaf7e7-367a-4612-a15b-d42525909c4d)

Select the **Edit** button.

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2JwMn2Hyxg_o_I_U7%2F-LU2LvGr0MAdvSpio94D%2Fsso-step-81b.png?alt=media\&token=6dc7512f-8ed5-4707-8639-9071fd66517b)

Next, check the **Enable Single Logout** setting and choose a certificate to upload.

* This can be generated by following the [Okta instructions](https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Keeper-Password-Manager-and-Digital-Vault.html).

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2JwMn2Hyxg_o_I_U7%2F-LU2M7lEyUqsWVS4Cc9V%2Fsso-step-82b.png?alt=media\&token=79ad8414-4d67-42bd-8d9e-71ebcf990a72)

After selecting upload the certificate file (.crt) for the Keeper SSO Connect SSL instance endpoint.

![Certificate Upload](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LowM2jZP6EHmo3F7UmI%2F-LowOhgsJ2Wj1tduVz2L%2FScreen%20Shot%202019-09-16%20at%204.26.54%20PM.png?alt=media\&token=3eba169b-9f45-4dd7-90a6-b930380f2689)

After the file is successfully uploaded, select save at the bottom of the Sign On page.

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2MQg4tvq-NRURnJQB%2F-LU2MijSMhUBn6TY6xHy%2Fsso-step-84b.png?alt=media\&token=a89532e2-b5d2-4508-b864-e41b713105f2)

The setting will be saved.

![](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LU2MQg4tvq-NRURnJQB%2F-LU2PEZXZkn_j-BKMAJb%2Fsso-step-85b.png?alt=media\&token=49e30827-b942-4194-bda0-02505758fbaf)

Scroll down to the SAML 2.0 configuration section, download the **Identity Provider metadata** file. Rename the file to metadata.xml. This will be used in Step 8.

![Download Metadata](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LowM2jZP6EHmo3F7UmI%2F-LowO5MbMWtuXBrCzNnb%2FScreen%20Shot%202019-09-16%20at%204.23.32%20PM.png?alt=media\&token=cacfc72d-f066-41af-9e74-fc10dc3744da)

* The **View Setup Instructions** link provides additional setup instructions many of which are also found within this document.

Upload metadata.xml file into the Keeper SSO Connect interface by dragging and dropping the file into the Setup screen:

![Upload Metadata File](https://2635959690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LTyMp7XGU8wh-hRPBiB%2F-LowM2jZP6EHmo3F7UmI%2F-LowOJiSg3iN3d_k5O_w%2FScreen%20Shot%202019-09-16%20at%204.25.11%20PM.png?alt=media\&token=669cfe06-1b1d-45ea-ac76-017738fd1a7f)

Select **Save** and Your Keeper SSO Connect setup is now complete!

### Okta SCIM Provisioning

To enable Okta SCIM user and group provisioning please follow the below guide:

{% embed url="<https://docs.keeper.io/enterprise-guide/user-and-team-provisioning/okta-integration-with-saml-and-scim>" %}