--- title: "OKTA SSO Integration Guide for Nucleus VIP" slug: "okta-sso-integration-guide-for-nucleus-vip" updated: 2025-08-06T20:58:24Z published: 2025-08-06T20:58:24Z canonical: "help.nucleussec.com/okta-sso-integration-guide-for-nucleus-vip" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt > Use this file to discover all available pages before exploring further. # OKTA SSO Integration Guide for Nucleus VIP This guide provides detailed steps for configuring OKTA SAML 2.0 Single Sign-On (SSO) with Nucleus VIP. 1. **OKTA Setup** **1.1 Create an application in OKTA** - Navigate to Applications > Create App integration > SAML 2.0 - Set an appropriate App name and optional details. Click Next. **1.2 Configure the SAML Settings** - update the fields to match the instance domain - single sign-on URL: [https://vip.nucleussec.com/sso/acs/](https://vip.nucleussec.com/sso/acs/) - Audience Restriction: [https://vip.nucleussec.com/sso/audience/](https://vip.nucleussec.com/sso/audience/) - Application username: Email - Set up the following Attribute statements: **1.3 Attribute Statements** | **Name** | **Name Format** | **Value** | | --- | --- | --- | | **email** | Unspecified | user.email | | **first_name** | Unspecified | user.firstName | | **last_name** | Unspecified | user.lastName | | **username** | Unspecified | user.email | | **external_id** | Unspecified | user.login | **1.4 Complete Setup** - click Next, and Finish **1.5 Provide Metadata and Certificate** After creating the Okta application, retrieve the Metadata URL from the application’s configuration. Within VIP, click the profile icon in the top right > select My Organization > then Settings in the left pane. Here you’ll see an “SSO Configuration” section where you can select Okta SAML 2.0. Provide VIP the Metadata URL as well as the Organization’s Okta domain. ![](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image(507).png) **1.6 Save Changes** - Click Save changes to apply the configuration - Once completed, users in the organization will be able to log in via SSO. If a user does not already exist in the system during their first SSO login, the system will: - Automatically create the user - Assign them to the organization - Link their account to their Okta profile.