## Create SAML application with Okta

This guide outlines the steps to create and configure a SAML application in Okta, including setup, user assignments, and metadata submission.

### Step 1: Create SAML application

1. Log in to your Okta Application Dashboard and click **Applications** in the sidebar.


![okta](/assets/okta-1.3bc846f6628ce6c108d3ca33dd0f202ad018bd1fc0279d6e73d6586546d9e07e.dba07de7.png)

1. Click **Create App Integration**.


![okta](/assets/okta-2.c3a3528d7481242d1105c131fbfb09e3778d4e124356957631b27bd46ecd3b5e.dba07de7.png)

1. Click **Create New App** and choose **SAML 2.0** as the Sign-in method. Then, click **Next**.


![okta](/assets/okta-3.945f62f8105d345e2767be252aafbb630aedc322434ba5dad8875f65b654f69c.dba07de7.png)

1. Enter the name of your application, then click **Next**.


![okta](/assets/okta-4.dc6b27363e8fb255c4dd2cb6154069de6d8b782be2b540030fdc462d54e9f470.dba07de7.png)

1. Copy and paste the values into the relevant fields in the **SAML Settings** section.


![okta](/assets/okta-5.639a2a1e2ccf1d06ff17a2f79401f1a0b04a91ba64b2e9d1548adbd06ad26ed0.dba07de7.png)

![okta](/assets/okta-6.d2944fa486cd779ecdc193d43b27e573388a748d5532fa762c055618b848680b.dba07de7.png)

### Step 2: Fill attribute statements (optional)

1. Go **Attribute Statements (optional)** configuration in SAML Settings, fill in the following Attribute Statements and click **Next**:


![okta](/assets/okta-7.68d13e3f66c7f8752c71f19187e0720c209a8aa1847366c5289c2f1be939f73c.dba07de7.png)

![okta](/assets/okta-8.89948b2be7d03f4588d5855a673b3e1740a7f2afc7e3c230e7a173cabba061e2.dba07de7.png)

1. To complete the app creation process, proceed to the next page and skip or fill out the survey. Click on **Finish**.


![okta](/assets/okta-9.71ce03c6dfbc70bcee28446fe4316f8cdacf4f15f9170309d6b970788e0b061a.dba07de7.png)

### Step 3: Assign users

Define which groups should be allowed to log in via SAML SSO in Okta using the app you've created.

1. Switch to the **Assignments** tab, click **Assign**, and choose **Assign to Groups**.


![okta](/assets/okta-10.4bb39779f09f7cb46e1ce0d167d96d9d5bcd6d038289780dd75be70923907a39.dba07de7.png)

1. Locate the specific group(s) you wish to assign to the app and click **Assign** next to each of them. Once finished, click **Done**.


![okta](/assets/okta-11.11d198dad037322f523c29c9263ed4da823b2f4db78667e85a5b3aba240a767a.dba07de7.png)

### Step 4: Submit metadata

To complete the implementation of SAML SSO, you need to provide the application with your identity provider's metadata.

#### Automatic configuration

1. Click on the **Sign On** tab of the SAML app you just created.
2. Copy the **Metadata URL** and paste it below.


![okta](/assets/okta-12.6d3f61ba5121513438b0fe4cad4f8fdd970facf8cf62647882421b5846379516.dba07de7.png)

![okta](/assets/okta-13.d8696cd08ee823f2fa705833cf0e4b26dab3c55f8302af151acea320f7fb0d89.dba07de7.png)

#### Manual configuration

1. Click on the **Sign On** tab of the SAML app you just created.
2. Click on **View SAML setup instructions**.
3. Copy the value of the **Identity Provider Single Sign-On URL** and **X.509 Certificate** fields, and then paste them into the appropriate fields in the form below.


![okta](/assets/okta-14.c845135b08d2e84e7763a909d656d44573b0f5ee01a52a255d2244fd66ef52cd.dba07de7.png)

![okta](/assets/okta-15.d3c360f358159c0821fce206aade629c26323b0342986e3bb42d96b74a1f1100.dba07de7.png)

### Step 5: Proceed with domain claiming and role assignment

1. Click on **Proceed with domain claiming and role assignment** to confirm the completion the configuration of the IDP form.
2. Follow the instructions in the [Self-service SAML configuration](/ciam/guides/authentication/sso/self-service/saml#claim-domain) guide to complete this step and manage authorization.