Okta SSO Guide

Okta SSO Guide

This guide will walk you through the steps to integrate Okta Single Sign-On (SSO) with the ComplyFirst platform. By following these instructions, your users will be able to log in to ComplyFirst using their Okta credentials.

Supported Features

ComplyFirst supports the following Okta SSO features:

  • IDP-Initiated: Users can log in directly from their Okta dashboard
  • SP-Initiated: Users can start the login process from the ComplyFirst platform
  • Just-In-Time (JIT) Provisioning: User accounts are automatically created in ComplyFirst when users authenticate for the first time through Okta SSO, eliminating the need for manual user invitation in many cases

SP-Initiated Flow

For SP-initiated SSO, users can begin the authentication process from ComplyFirst:

  1. Go to: https://app.complyfirst.co/login
  2. Click "Single Sign-On"
  3. Enter your Organisation ID when prompted

Step 1: Set up ComplyFirst in Okta

  1. Log into your Okta Admin Console.
  2. Navigate to Applications → Applications.
  3. Click on Browse App Catalog.
  4. Search for ComplyFirst in the app catalog.
  5. Click Add Integration.
  6. During setup, you will be prompted to enter an Organisation ID. This is a short name for your organisation and will be used when logging into ComplyFirst through Okta.
    Example: If your organisation is "Acme Corp", you might enter acme as the Organisation ID.
  7. After the app is created, go to the Sign On tab of the ComplyFirst app in Okta.
  8. Locate and copy your Client ID and Client Secret. These will be required when configuring the integration in ComplyFirst.

Step 2: Connect Okta within ComplyFirst

  1. Log into the ComplyFirst platform as the company admin.
  2. Go to Settings → Integrations.
  3. Toggle the Okta integration switch to open the connection modal.
  4. In the connection settings:
    • Enter the same Organisation ID used during Okta setup.
    • Provide your Okta domain URL.
      Format: https://{organisation}.okta.com
      Example: https://acme.okta.com
    • Enter the Client ID and Client Secret copied from the Okta app's Sign On tab.

Once completed, users in your Okta directory will be able to log in to ComplyFirst using their Okta SSO credentials. User accounts will be automatically created through Just-In-Time (JIT) provisioning when they first authenticate.