> For the complete documentation index, see [llms.txt](https://help.dscout.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.dscout.com/account-management/user-management-and-security/sso-okta-integration.md).

# SSO: Okta integration

{% hint style="info" %}
**Note:** SAML SSO is only available on **Core**, **Plus**, **Select**, and **Enterprise** plans.
{% endhint %}

{% hint style="success" %}
You’ll need Admin or Account Owner access to your Dscout account to set up SSO. If possible, we also recommend partnering with your organization’s IT team as they will be most familiar with your organization’s security details and systems.
{% endhint %}

Single sign-on (**SSO**) is a faster, easier, and more secure way for users to log in to the Dscout platform. SSO works by establishing a connection between a service provider (**SP**)—in this case, Dscout—and an identity provider (**IdP**) like Okta, OneLogin, or Google. Once configured, Dscout can rely on your IdP to authenticate users rather than requiring users to enter a standard set of credentials like an email and password.

**Dscout supports the following methods of SSO:**

* Okta.
* [SAML 2.0](/account-management/user-management-and-security/set-up-saml-sso.md) (both SP-initiated and IdP-initiated).
* [Google Sign-In](/account-management/user-management-and-security/set-up-google-sign-in-sso.md) (Google OAuth).

Dscout offers a dedicated Okta integration to help speed up SSO configuration. With this integration, you can set up:

* IdP-initiated SSO.
* SP-initiated SSO.
* SCIM user provisioning.

This article walks you through **enabling SSO using the Okta integration**. To learn how to set up SCIM user provisioning using this integration, see [Dscout and Okta SCIM integration](/account-management/user-management-and-security/user-provisioning-scim/dscout-okta-scim-integration.md).

## Prerequisites

To use Dscout’s Okta integration, you must have a administrative access to an existing Okta account.

## Enable SSO using the Okta integration

Enabling SSO using the Okta integration requires configuration in both Okta and Dscout. The following process will have you start in Okta. Then, you’ll complete the configuration in Dscout. Finally, you’ll test your configuration and turn it on for your Dscout users.

### Configure Okta

Dscout’s Okta integration takes care of the most of the required SSO configuration. However, you’ll need to enter a few details about your specific Dscout account, as well as confirm the users you want to have access to Dscout are assigned properly in Okta.

**To configure Okta:**

{% stepper %}
{% step %}
Add the [Dscout integration](https://www.okta.com/integrations/dscout/) to your Okta account.
{% endstep %}

{% step %}
From your Okta Admin Console, navigate to **Applications** **Dscout**.
{% endstep %}

{% step %}
Click the **Sign On** tab.
{% endstep %}

{% step %}
Under **Settings**, click **Edit**.
{% endstep %}

{% step %}
Enter `https://app.dscout.com/efflux/home/<account_id>` in the **Default Relay State** field.

{% hint style="info" %}
**Note:** Be sure to replace `<account_id>` with your actual Dscout account ID. You can find this in the URL of any page within Dscout. For example, in the URL *app.dscout.com/**account**/home*, **account** is the account ID.
{% endhint %}

![](/files/c8dc543bcb11d7673f7f87502a103a7dfaa4ce5e)
{% endstep %}

{% step %}
Under **Advanced sign-on settings**, enter your Dscout account ID in the **Account ID** field. This is the same account ID as used in the previous step.

![](/files/404dba9c5e3c9119eadbd4f9ae468dfa9d66ed06)
{% endstep %}

{% step %}
Click **Save**. Okta will provide you with an XML metadata file. Save this for use in the next section.
{% endstep %}

{% step %}
Navigate to the **Assignments** tab and assign Dscout to any users or groups you want to have access to the application.
{% endstep %}
{% endstepper %}

With the above complete and your metadata file on hand, you’re ready to configure SSO within Dscout.

### Configure Dscout

Now that you’ve configured Okta and have your metadata file, you’ll configure SSO in Dscout. In this section, you’ll set up SSO in test mode so you can ensure it’s working properly. Later, you’ll test your configuration and enable it.

**To configure Dscout:**

{% stepper %}
{% step %}
In the sidebar navigation, click your Dscout account name. A drop-down opens displaying the accounts you belong to.
{% endstep %}

{% step %}
Click the **Settings** icon beside the account where you want to enable SSO. The **Account management** page is displayed.

![](/files/77ba8a49a5ffc6da848f79c1195ddbac3e1a7ad7)
{% endstep %}

{% step %}
Select the **Settings** tab.
{% endstep %}

{% step %}
Select **SSO** in the sidebar.
{% endstep %}

{% step %}
Click **Edit**.

![](/files/61ce40b7377678d8969fa381eb0ee142f393985b)
{% endstep %}

{% step %}
Select **SAML** from the **Authentication type** drop-down.
{% endstep %}

{% step %}
Select **Test mode** from the **Status** drop-down.

![](/files/2f79b0d120c71392d194f7850d20b8e2dd8911c5)
{% endstep %}

{% step %}
Under **SSO enforcement** select which users to require SSO to log in. You have the following options:

* **Only require users with specified email domain to use SSO.** (Recommended if your Dscout account is accessed by users outside of your organization. For example, contractors or consultants.)
* **Force everyone regardless of email domain to use SSO.** (Recommended if your Dscout account is only accessed by users inside of your organization.)
  {% endstep %}

{% step %}
(If applicable) Enter the **SSO domain** you want to require SSO when logging in.

![](/files/941032aec4be36229727c74c55976870eeaee6f6)
{% endstep %}

{% step %}
Enter **email** in the **Mapping attribute** field.
{% endstep %}

{% step %}
Copy and paste the metadata provided by Okta into the **Metadata (XML)** text box.
{% endstep %}

{% step %}
Click **Save**.
{% endstep %}
{% endstepper %}

Now, your SSO configuration has been saved in Test mode. The means that users can still sign in using their standard email and password, but they also have the option of using SSO. Next, you’ll test your configuration to ensure it’s working properly, then enforce it.

### Test your SSO configuration

With SSO in Test mode, have one of your Dscout users attempt to log in using SSO. This user should be someone with your company’s domain to ensure the test is accurate. If the user runs into any issues, revisit the steps for configuring both Okta and Dscout to ensure all settings are correct. Once the user is able to log in using SSO without any problems, proceed to the next section.

### Enable SSO in Dscout

Once you’ve tested your SSO configuration and have verified it’s working as expected, the next step is to enable it for all users. Once SSO is enabled, it will be enforced for either all users or all users with your company domain (depending on your **SSO enforcement** selection).

**To enable SSO in Dscout:**

{% stepper %}
{% step %}
On the **SSO** settings page, click **Edit** beside your SSO configuration.
{% endstep %}

{% step %}
Select **Enabled** from the **Status** drop-down.

![](/files/31486b81f501401e9a9815a386b64923dd2ecac1)
{% endstep %}

{% step %}
Click **Save**.
{% endstep %}
{% endstepper %}

Now, you’re brought back to the **SSO** settings page where you’ll see that SSO is set to **Enabled**. Users currently logged in to Dscout will not be logged out, but users will be prompted to use SSO the next time they log in to the platform.

## Disable Okta SSO

If you no longer wish to use SSO on your Dscout account, you can disable it from the **SSO** page of your account settings.

**To disable SSO in Dscout:**

{% stepper %}
{% step %}
In the sidebar navigation, click your Dscout account name. A drop-down opens displaying the accounts you belong to.
{% endstep %}

{% step %}
Click the **Settings** icon beside the account where you want to disable SSO. The **Account management** page is displayed.
{% endstep %}

{% step %}
Select the **Settings** tab.
{% endstep %}

{% step %}
Select **SSO** in the sidebar. The **SSO** page appears showing your current SSO configuration.
{% endstep %}

{% step %}
Click **Edit**.
{% endstep %}

{% step %}
Select **Disabled** from the **Status** drop-down.

![](/files/246f64e90add5c89ea658ce829102b0ee18247d2)
{% endstep %}

{% step %}
Click **Save**.
{% endstep %}
{% endstepper %}

Now, SSO is disabled for your Dscout account. Users currently logged in will not be logged out, however they will be prompted to use their standard email and password credentials the next time they log in to the platform. If you want to turn SSO back on, simply set the **Status** to **Enabled** again, but be sure your IdP details are still the same. If your IdP details have changed, complete the configuration like new.

## Troubleshooting Okta SSO

If you encounter any errors while setting up SSO using the Okta integration, use the following troubleshooting tips to resolve them.

<details>

<summary>Users belonging to multiple Dscout accounts</summary>

It’s possible for a single user to belong to multiple Dscout accounts. However, a single user account can only be associated with one Dscout account where SSO is enabled. You have two options to resolve this issue:

* Work with the listed user(s) to identify any of your organization’s Dscout projects they need to maintain access to. Then, have the user create a new account using a different email address that you can grant access to your Dscout account as well as the necessary projects. Finally, delete the user’s old account from your Dscout account. Once all conflicts have been resolved, you will no longer see this error and can proceed with enabling SSO.
* If the listed user(s) would rather keep their current account associated with your Dscout account, or if they don’t know which other Dscout account they might be associated with, have them reach out to <support@dscout.com> for help resolving the conflict. Once all conflicts have been resolved, you will no longer see this error and can proceed with enabling SSO.

{% hint style="info" %}
Dscout will allow you to turn SSO on in **Test** mode if it is also set to **Test** mode in the Dscout accounts where you have conflicting users. Follow the guidance in your specific error message to proceed, but be aware this could cause conflicts for other Dscout administrators if they attempt to change the status of their SSO configuration.
{% endhint %}

</details>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://help.dscout.com/account-management/user-management-and-security/sso-okta-integration.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
