> For the complete documentation index, see [llms.txt](https://knowledgebase.autorabit.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://knowledgebase.autorabit.com/product-guides/vault/configuring-vault/sso-configuration/sso-for-okta.md).
# Vault SSO for OKTA
This article explains how to configure Single Sign-On (SSO) in Vault using Okta as the SAML 2.0 Identity Provider. When SSO is enabled, users are redirected to Okta for authentication and, upon success, are taken to the Vault Dashboard.
## Add the Vault Application to Okta
### Steps:
1. Sign in to Okta as an admin. If you don’t have an Okta org, sign up at .
2. Go to **Applications > Add Application**.
3. Click **Create App Integration**.
4. Choose **SAML 2.0** and click **Next**.
5. In **General Settings**:
* Name: **Vault**
* Upload Vault logo
* Click **Next**
6. In the **Configure SAML** tab:
* **Single sign on URL:** `/ARVault/saml/SSO`\
\&#xNAN;*e.g.*: `https://vault-qa.autorabit.com/ARVault/saml/SSO`
* **Audience URI (SP Entity ID):** `/ARVault/saml/metadata`
7. Under **Attribute Statements**:
| Name | Value |
| -------------------------- | ----------------- |
| firstname | `user.firstName` |
| lastname | `user.lastName` |
| customerid | Vault customer ID |
| restrictAutoCreationOfUser | `Yes` or `No` |
> **Note**: Customer ID is available under the **Profile** section in your Vault account.
8. Click **Next**, then choose:
* **"I'm an Okta customer adding an internal app"**
* **"This is an internal application that we created"**
* Click **Finish**
9. Go to the **Assignments** tab:
* Click **Assign > Assign to People**
* Assign users, click **Save and Go Back**, then **Done**
10. Go to the **Sign On** tab and click **Identity Provider Metadata**.
* Save the file as XML or copy the metadata URL.
## Configure SSO in Vault
1. Log in to Vault
2. Navigate to **Settings > SSO Configuration**
3. Enter a name for the config and select:
* **Metadata URL** (paste the copied link), or
* **Metadata File** (upload the XML file)
4. Click **Activate**
> You may disable login with Vault credentials by toggling off that option.
## Logging in Using SSO
1. On the Vault login screen, click **Login with SSO**
2. Enter your **Customer ID**
3. Click **Sign in**
> You can also log in directly from your Okta dashboard by clicking on the Vault application icon.
## Troubleshooting
**Error**:\
\&#xNAN;*"Your user is not available in the account with provided customer id. Please contact the administrator to create a user for you in the account."*
**Causes**:
1. The user is not assigned to the Vault app in Okta.
2. `restrictAutoCreationOfUser` is set to **Yes** and the user has not been pre-created in Vault.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://knowledgebase.autorabit.com/product-guides/vault/configuring-vault/sso-configuration/sso-for-okta.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.