Okta SSO Setup Guide

Last updated: April 6, 2026

This guide explains how to set up a SAML integration through Okta to access Unwrap. You will need to create two applications: one for the actual SAML 2.0 App integration with Unwrap and a Bookmark app that gives users an IdP-initiated login experience from Okta.

Prerequisites

  • Administrative access to your Okta organization

  • Access to create new applications in Okta

  • Contact with your Unwrap representative for configuration details

Step 1: Create SAML 2.0 Application

  1. In your Okta Admin Console, navigate to Applications > Applications

  2. Click Create App Integration

  3. Select SAML 2.0 and click Next

  4. Enter an App name (e.g., "Unwrap SAML")

  5. Optionally add an App logo and click Next

Step 2: Configure SAML Settings

Configure the following SAML settings:

Basic SAML Configuration

  • Single Sign on URL: [Provided by Unwrap team]

  • Audience URI (Entity ID): [Provided by Unwrap team]

  • Default Relay State: Leave empty

  • Name ID format: Default

  • Application username: Default

  • Update application username on: Default

Attribute Statements

Add the following attribute statements with Name Format: Unspecified:

Name

Value

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

user.email

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

user.firstName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

user.lastName

Group Attribute Statements

None required.

  1. Click Next and then Finish

Step 3: Hide SAML Application from End Users

Since users will access Unwrap through the bookmark application (created in Step 5), hide the SAML application from end users:

  1. In your SAML application, go to the General tab

  2. In the App Settings section, click Edit

  3. Set Do not display application icon to users to checked

  4. Click Save

Step 4: Get Metadata URL for Unwrap

Unwrap needs your SAML metadata URL to complete the integration:

  1. Go to your newly created application

  2. Click on the Sign On tab

  3. Scroll to SAML Signing Certificates

  4. Click Actions > View IdP metadata

  5. Copy the URL from the new tab that opens (format: https://{your-domain}/app/{app_id}/sso/saml/metadata)

Important: Provide this metadata URL to your Unwrap contact or add it to your shared setup document.

Step 5: Create Bookmark App (Required)

This provides users with an IdP-initiated login experience through Okta's Apps page:

  1. Navigate to Applications > Browse App Catalog

  2. Search for "Bookmark App"

  3. Click on the Bookmark App and select Add Integration

  4. Enter an Application label (e.g., "Unwrap")

  5. URL: [SP-initiated login URL will be provided by Unwrap team]

  6. This will be in the format: https://app.unwrap.ai/login/sso?iss=[your-okta-domain]&tenant=[tenant-name]

  7. Click Done

  1. Click the app image pencil icon in the upper right corner

  2. Download and upload the Unwrap logo: Unwrap Logo

Step 6: Assign Users and Groups

  1. For both applications (SAML and Bookmark), go to the Assignments tab

  2. Assign appropriate users or groups who should have access to Unwrap

  3. Click Assign > Assign to People or Assign to Groups

Next Steps

  1. Send metadata URL: Provide the metadata URL from Step 4 to your Unwrap contact

  2. Wait for deployment: Unwrap will configure the integration on their end

  3. Access Unwrap: Once deployed, users can access Unwrap through the bookmark app from Okta dashboard

Important Notes

  • Both SSO and traditional username/password authentication will continue to work after setup

  • The SAML application is hidden from end users; they will only see the bookmark app

  • The bookmark app URL will only function after Unwrap completes the backend configuration

  • Both applications are required for proper SSO functionality

  • Users must be assigned to both applications