Skip to content
English
Back to IRIS Website
  • There are no suggestions because the search field is empty.

SAML SSO with Okta

Enable users to log in to IRIS Clarity with their Okta credentials via SSO.

 

Configure SSO in the IRIS Dashboard

Head to the IRIS Clarity dashboard and navigate to the SSO settings page: Team > Manage team > Configure SSO. This will open a step-by-step guide to setting up SSO.
  1. Select Okta as your identity provider
  2. Enter a domain name. This must be unique to you (we will verify that it is available)
Alphanumeric (numbers and/or letters)Lower case
  • No special characters (!@£$%^&()-+=)
  • No spaces
  • 4-40 characters in length
Examples
  • ✅ shapedbyiris
  • ✅ shapedbyiris2
  • ❌ shapedbyIRIS
  • ❌ shaped.by-iris

 

Add IRIS Clarity app to Okta

  1. Log in to the Okta Admin Console
  2. Go to Applications > Applications
  3. Click Create App Integration
  4. Select SAML 2.0 and click Next
  5. Enter IRIS Clarity as the App name
  6. Optionally upload a logo, then click Next

Configure SAML settings in Okta

  1. Set Single sign-on URL to the Reply URL (Assertion Consumer Service URL) that was generated in the IRIS Clarity dashboard
  2. Example: https://backend.iris.audio/v1/sso/login-idp/yourdomainname/callback
  3. Set Audience URI (SP Entity ID) to the Identifier (Entity ID) that was generated in the IRIS Clarity dashboard
  4. Example: https://shapedbyiris.com/yourdomainname
  5. Set Name ID format to EmailAddress
  6. Set Application username to Email
  7. Click Next
  8. Select I'm an Okta customer adding an internal app and click Finish

Get the Metadata URL from Okta

  1. In your IRIS Clarity application, go to the Sign On tab
  2. Under SAML 2.0, find Metadata details and copy the Metadata URL
  3. Example: https://yourcompany.okta.com/app/abc123def456/sso/saml/metadata
  4. In the IRIS Clarity Dashboard, paste this URL in the App Federation Metadata URL section
  5. Click Save
No further configuration is needed in the IRIS Clarity dashboard.
 

Assign users to the application

  1. In the Okta Admin Console, go to your IRIS Clarity application
  2. Go to the Assignments tab
  3. Click Assign and select either:
  4. Assign to People - to add individual users
  5. Assign to Groups - to add entire groups
  6. Select the users or groups you want to grant access to
  7. Click Assign for each selection, then click Done
Important: Users must also be invited to IRIS Clarity from the IRIS account dashboard with the same email address they use in Okta. To ensure that new users can login with SSO without initially logging in with an email and password, check "Users will only be able to login with SSO" before inviting users.
 

Test Single Sign-On

You can test that single sign-on has been configured correctly:

  1. Open a new incognito/private browser window
  2. Go to the IRIS Clarity login page
  3. Click Log in with SSO
  4. Enter your SSO domain name (e.g., shapedbyiris)
    1. You should be redirected to Okta to authenticate
  5. After successful authentication, you should be logged in to IRIS Clarity

Troubleshooting

  • "User is not assigned to this application"

This error means the user exists in Okta but hasn't been assigned to the IRIS Clarity application. Go to the Assignments tab in your Okta app and assign the user.

  • "No user found"

This error means the user successfully authenticated with Okta but doesn't have an account in IRIS Clarity. Invite the user from the IRIS dashboard using the same email address they use in Okta.

  • Invalid metadata URL

Ensure the metadata URL is from your Okta domain (e.g., https://yourcompany.okta.com/...) and uses HTTPS.