This guide provides detailed steps for configuring Okta SAML 2.0 Single Sign-On (SSO) with Nucleus VIP.
Okta Setup
1.1 Create an application in Okta
Navigate to Applications > Create App integration > SAML 2.0
Set an appropriate App name and optional details. Click Next.
1.2 Configure the SAML Settings
Update the fields to match the instance domain:
Single sign-on URL: https://vip.nucleussec.com/sso/acs/
Audience Restriction: https://vip.nucleussec.com/sso/audience/
Application username: Email
Set up the following Attribute statements:
1.3 Attribute Statements
| Name | Name Format | Value |
|  | Unspecified | user.email |
| first_name | Unspecified | user.firstName |
| last_name | Unspecified | user.lastName |
| username | Unspecified | user.email |
| external_id | Unspecified | user.login |
1.4 Complete Setup
Click Next, then Finish.
1.5 Provide Metadata and Certificate
After creating the Okta application, retrieve the Metadata URL from the application’s configuration.
Within VIP, click the profile icon in the top right > select My Organization > then Settings in the left pane. Here you’ll see an “SSO Configuration” section where you can select Okta SAML 2.0. Provide VIP the Metadata URL as well as the Organization’s Okta domain.
1.6 Save Changes
Click Save changes to apply the configuration.
Once completed, users in the organization will be able to log in via SSO. If a user does not already exist in the system during their first SSO login, the system will:
Automatically create the user
Assign them to the organization
Link their account to their Okta profile.
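To confirm that the Okta application sends what sections 1.2 and 1.3 specify, a decoded assertion from a test login can be checked against those values. The script below is an added example, not part of Nucleus or Okta tooling; the sample assertion is constructed, and the script only compares configuration values (it does not validate signatures).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from the SAML settings and attribute table on this page.
EXPECTED_ACS = "https://vip.nucleussec.com/sso/acs/"
EXPECTED_AUDIENCE = "https://vip.nucleussec.com/sso/audience/"
REQUIRED_ATTRS = {"first_name", "last_name", "username", "external_id"}

# Constructed sample assertion (unsigned, placeholder user), not real Okta output.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://vip.nucleussec.com/sso/acs/"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://vip.nucleussec.com/sso/audience/</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="username"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="external_id"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Return a list of configuration problems found in a decoded assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = {e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if recipients != {EXPECTED_ACS}:
        problems.append(f"Recipient mismatch: {sorted(map(str, recipients))}")
    audiences = {(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)}
    if audiences != {EXPECTED_AUDIENCE}:
        problems.append(f"Audience mismatch: {sorted(audiences)}")
    # Attribute names are case-sensitive; an empty value is treated as missing.
    present = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        present[attr.get("Name")] = any(values)
    for name in sorted(REQUIRED_ATTRS):
        if not present.get(name):
            problems.append(f"attribute {name} missing or empty")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION) or "assertion matches the documented settings")
```

Organizations on a different instance domain should change the two expected URLs to match their own.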