Configure Okta single sign-on with Unison

Who can use this feature?

  • Admins
  • Available on all plans

Unison supports single sign-on (SSO) with Okta for managing user access to the Unison platform. 

Before you begin

Here's what you need:

  1. Administrator access to your Okta tenant
  2. The list of users who need access to Unison

Additional considerations

  • All users must have a valid email address, first name, and last name in Okta
  • User access is managed through Okta assignments; add or remove users as needed
  • For security, consider requiring MFA for the Unison application in your Okta settings (optional)

Step 1: Create a SAML application in Okta

  1. Log in to your Okta Admin Dashboard.
  2. Navigate to Applications > Applications.
  3. Click Create App Integration.
  4. Select SAML 2.0 as the Sign-in method, and click Next.
  5. Configure Basic Settings:
    • App name: Unison
    • App logo: Upload your company logo (optional)
  6. Click Next.

Step 2: Configure SAML Settings

  1. Configure SAML Settings:
    • Single Sign-On URL: https://totango-unison.eu.auth0.com/login/callback
    • Audience URI (SP Entity ID): urn:auth0:totango-unison:connection-name-provided-by-unison
    • Name ID Format: EmailAddress
    • Application username: Email
  2. Configure Attribute Statements:
    • Add the following attributes with Name Format set to Basic:
      • Name: email → Value: user.email
      • Name: firstName → Value: user.firstName
      • Name: lastName → Value: user.lastName
  3. Click Next.

Step 3: Finalize application setup

  1. Select the appropriate visibility settings for your organization.
  2. Choose "I'm an Okta customer adding an internal app."
  3. Click Finish to create the application.

Step 4: Assign users to the application

  1. Navigate to your newly created application.
  2. Click the Assignments tab.
  3. Click Assign, and select either:
    • Assign to People (for individual users)
    • Assign to Groups (if you want to manage access via groups)
  4. Select the appropriate users or groups.
  5. Click Assign, and then Save and Go Back.

Step 5: Download SAML metadata

This step is required for the Unison team to configure SSO.

  1. Go to the Sign On tab of your application.
  2. Find the section for SAML (SHA-2) Signing Certificates.
  3. Click the Actions drop-down for the active certificate.
  4. Select View IdP metadata.
  5. Send the URL for the IdP metadata to your Unison CSM. Example:
    https://dev-44236121.okta.com/app/exkopzsr50I2v3kOY5d7/sso/saml/metadata

Step 6: Test the integration

Once the Unison team confirms your SSO configuration is complete:

  1. Log out of any existing Unison sessions.
  2. Open a new browser window in incognito/private mode.
  3. Navigate to Unison: https://unison.totango.com.
  4. Enter your work email address.
    You should be automatically redirected to your Okta sign-in page.
  5. After authenticating, you should be redirected back to Unison.

Troubleshooting

If you encounter any issues:

  • Verify the SAML configuration in Okta matches the settings provided in this guide.
  • Ensure users are properly assigned to the application.
  • Check that the email domains for assigned users match those provided to the Unison team.
  • Contact Unison support for assistance.
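
To check the first item above, the following added example (not part of Unison's or Okta's tooling) compares a SAML assertion saved from a test sign-in against the Step 2 values and the required user attributes. It assumes Okta's default of using the Single Sign-On URL as the Recipient; check_assertion and sample_assertion are illustrative names, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Step 2 values. AUDIENCE ends in the page's placeholder; use the name Unison gives you.
RECIPIENT = "https://totango-unison.eu.auth0.com/login/callback"
AUDIENCE = "urn:auth0:totango-unison:connection-name-provided-by-unison"
REQUIRED = ("email", "firstName", "lastName")

def check_assertion(xml_text, audience=AUDIENCE):
    """List mismatches with this guide's settings. Does NOT verify the signature."""
    root = ET.fromstring(xml_text)  # run only on files you captured yourself
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no unencrypted saml:Assertion found"]
    problems = []
    nameid = a.find("saml:Subject/saml:NameID", NS)
    if nameid is None or nameid.get("Format") != EMAIL_FMT:
        problems.append("NameID Format is not EmailAddress")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != RECIPIENT:
        problems.append("Recipient does not match the Single Sign-On URL")
    auds = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in auds:
        problems.append("Audience URI (SP Entity ID) mismatch")
    seen = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        seen[attr.get("Name")] = (attr.get("NameFormat"), (value or "").strip())
    for name in REQUIRED:
        if name not in seen:
            problems.append(f"missing attribute: {name}")
        elif seen[name][0] != BASIC:
            problems.append(f"{name}: Name Format is not Basic")
        elif not seen[name][1]:
            problems.append(f"{name}: empty value (profile field unset in Okta)")
    return problems

def sample_assertion(audience=AUDIENCE, last_name="Doe", fmt=BASIC):
    """Constructed, unsigned assertion for offline testing (not real Okta output)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}" NameFormat="{fmt}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for n, v in (("email", "jane@example.com"), ("firstName", "Jane"), ("lastName", last_name)))
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{EMAIL_FMT}">jane@example.com</saml:NameID><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{RECIPIENT}"/></saml:SubjectConfirmation>'
            f"</saml:Subject><saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}"
            f"</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")
```

An empty list means the assertion matches this guide; each returned string names the Okta field to correct. Pass the connection name Unison gave you as the audience argument.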
