Okta Single Sign-On (SSO)

Owner

SAML-based Single Sign-On can be used only with POEditor organizations that have a paid plan.

To set up SAML-based SSO login for a POEditor organization using the Okta app, you can follow the steps in this article.

You can get started by going to Organization Settings > Organization > Single Sign-On and entering the password for your personal POEditor account.

What you need to set up in Okta

In the Okta IdP, you will need to:

1) Create an app for POEditor. Log in to Okta, go to Admin > Applications > Create App Integration and create a SAML 2.0 app.

Create new app in Okta Admin panel

Give your app a name, fill in the other details for the connector (optional), and hit Next.

2) Configure the SAML app. In the Configure SAML section of your newly created SAML app, you will need to configure the following settings:

  • fill in Single sign-on URL with the ACS URL in POEditor
  • fill in the Audience URI (SP Entity ID) with the Entity ID in POEditor
  • set the Name ID format to EmailAddress
  • fill in the Attribute Statements with the following: email for user.email, firstName for user.firstName, lastName for user.lastName, userID for user.Login, teams for the Group Attribute.

You can see a sample configuration below.

SAML app configuration for Okta

What you need to set up in POEditor

In POEditor, you will need to add:

1) a Default Team, which is the POEditor team where the users from your identity provider will be added, unless you already have them grouped in your IdP and send them as such to our platform, in which case each group will create a team in POEditor.
2) the SAML File Content. This is the metadata of the SAML 2.0 app you created, which you can find in the Sign On tab in Okta.

SAML app metadata in Okta

Once everything is properly set up in both the POEditor localization platform and the Okta IdP, the users added to your IdP can log in to POEditor using the Sign in URL.

You can restrict access to your organization's assets for users without SSO if you enable the Require SSO option in the Organization Settings.
