Configure Okta for SAML and SSO

Observe supports using Okta as an IdP with SAML support. Observe supports the following features:

  • Identity Provider (IdP)-initiated SSO
  • Service Provider-initiated SSO
  • Just-In-Time Provisioning

Note

Use of stem names instead of Observe Customer IDs is not supported at this time.

Configure Okta for SAML

  1. Log in to Okta as the admin and go to the Admin page.

  2. Navigate to Applications > Applications > Browse App Catalog.

  3. Enter Observe into the App Catalog search field and choose Observe.

  4. Select Observe from the list of apps, and click Add.

  5. Enter your Observe customer ID as the Customer ID.

  6. Enter the base domain for your region as the Base Domain. For example, if the URL for your Observe tenant is 123456789012.eu-1.observeinc.com, then the base domain is eu-1.observeinc.com.

  7. Select Do not display application icon in the Okta mobile app.

  8. Add users and groups to Okta.

  9. Click View Setup Instructions. Copy the text of the SAML certificate.

Group membership attributes

Observe supports receiving group membership claims via SAML. In the Sign On configuration area of the Observe app for Okta, click Edit in the top right, expand the Attributes (optional) section, and select Group Attribute Statements (optional). In the Name field, type groups. The name is case sensitive.

Configure Observe

Perform the following steps to configure Observe for Okta SSO:

  1. In the left navigation rail, hover on your user name, then select Manage account.
  2. Click Customer settings.
  3. Click Add SAML.
  4. In your Okta app, copy the value for Sign on URL and paste it into the Entry point field.
  5. Copy or download the Signing Certificate from your Okta app, and paste the certificate into the Cert field.

Note

Certificates must be in PEM/Base64 encoded format. The format starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE----- and contains a base64 encoded string between the two.

  6. Click Add SAML Provider to finish the configuration.
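
The PEM requirement in the note above can be checked before anything is pasted into the Cert field. The following is an added example, not code from Observe or Okta: it accepts either PEM or a bare base64 body with the BEGIN/END lines missing, verifies the decoded bytes form one complete DER SEQUENCE, and returns normalized PEM plus a SHA-256 fingerprint. The function names and the sample value (constructed filler bytes, not a real certificate) are assumptions.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Constructed sample: 512 filler bytes in a DER SEQUENCE frame, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x02\x00" + bytes(range(256)) * 2
SAMPLE_BARE = base64.b64encode(SAMPLE_DER).decode()  # bare base64, no BEGIN/END lines


def check_der_sequence(der):
    """A certificate is one DER SEQUENCE whose length covers every remaining byte."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length is in this byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch: data is truncated or has extra bytes")


def normalize_cert(text):
    """Return (pem, sha256_fingerprint); accepts PEM or a bare base64 body."""
    text = text.strip().replace("\r\n", "\n")
    if "-----" in text:
        m = re.fullmatch(re.escape(BEGIN) + r"\n([A-Za-z0-9+/=\s]+?)\n" + re.escape(END), text)
        if not m:
            raise ValueError("expected exactly one BEGIN/END CERTIFICATE pair")
        text = m.group(1)
    body = "".join(text.split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from None
    check_der_sequence(der)
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    pem = "\n".join([BEGIN, *lines, END]) + "\n"
    digest = hashlib.sha256(der).hexdigest().upper()
    return pem, ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    pem, fingerprint = normalize_cert(SAMPLE_BARE)
    print(pem + "SHA-256 fingerprint: " + fingerprint)
```

Recording the fingerprint when the certificate is first configured gives you a value to compare against later, so a changed or truncated signing certificate is noticed before it is saved.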