> ## Documentation Index
> Fetch the complete documentation index at: https://enterprise-docs.dify.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring SAML with Okta

In this guide, we will use Okta as the SSO provider, utilizing the SAML protocol to connect to the Dify Enterprise.

## 1. Create a new application in Okta

1. Access the Okta admin dashboard
2. Navigate to the Applications page
3. Click the "Create App Integration" button

![](https://assets-docs.dify.ai/2025/05/49d2eb9547c644a90a50e7ac1972b90c.png)

4. Select "SAML 2.0" as the application type

![](https://assets-docs.dify.ai/2025/05/409f64e068449c2f9dc9c3e471a36946.png)

5. Click Next to access the Configure SAML page
6. Wait before filling in the parameters and open a new browser tab

Follow the instructions below to obtain the necessary information, then continue filling in the details.

## 2. Configure the Okta application

1. Copy the Dify Enterprise Version's Callback URL:

   * Click on the Authentication page of the Dify Enterprise dashboard
   * Tap **"+ New Identity Provider → New OIDC Provider"**
   * View the Callback URL

   ![](https://assets-docs.dify.ai/2025/05/b5f44f58a5737409eff4b6b674ab63ac.png)

   It typically follows this format:

   ```
   https://[your-dify-enterprise-url]/console/api/enterprise/sso/saml/acs
   ```

2. Configure Okta:

   Paste it into the Single sign-on URL and Audience URI (SP Entity ID) fields on the Configure SAML page.

   ![](https://assets-docs.dify.ai/2025/05/e6c1a1521306919ab325030adafb2d2b.png)

   After filling in the URL, continue with the following settings:

   * Set the Name ID format to EmailAddress
   * Under "Show Advanced Settings", verify that both the response and assertion signatures are set to Signed Click the "Next" button to complete the setup.

## 3. Complete the configuration on Dify

1. Gather information from Okta:

   * Go to the "Sign On" page of your Okta application and find:
     * Sign-on URL
     * Signing certificate

   ![](https://assets-docs.dify.ai/2025/05/edd232ff0c1e0a28243fdce755f8ea1b.png)

2. Assign members:

   * On the "Assignments" page, assign the members who are allowed to use SSO login

   ![](https://assets-docs.dify.ai/2025/05/7ce55440e9bce1965712e167ab8e8567.png)

3. Configure Dify:

   * Return to the Authentication page of the Dify Enterprise
   * Tap **"+ New Identity Provider → New SAML Provider"**
   * Fill in the information obtained from Okta

   When filling in the X509 Signing Certificate, use the following format:

   ```
   -----BEGIN CERTIFICATE-----
   {certificate}
   -----END CERTIFICATE-----
   ```

   ![](https://assets-docs.dify.ai/2025/05/1548ea93cfa68352384295fef8b038e3.png)

## 4. Enable SSO Enforcement

After completing the SAML Provider configuration, tap the toggle button to the right of **"Workspaces SSO"** to enable SSO authentication for your team.

Once enabled, members of your organization must complete the SSO authentication before accessing resources in the Dify Enterprise
