Before starting, complete the generic SSO setup prerequisites and have the SAML configuration values from Yasu’s SSO page ready.
Create a SAML application
- Sign in to the Okta Admin Console
- Go to Applications → Applications → Create App Integration
- Select SAML 2.0 and click Next
- Name the application (e.g., “Yasu”) and click Next
Configure SAML settings
- Single sign-on URL → paste the ACS URL from Yasu’s SSO page
- Audience URI (SP Entity ID) → paste the Entity ID from Yasu’s SSO page
- Name ID format → select EmailAddress
- Application username → select Email
Configure attribute statements
Under Attribute Statements (Optional), add:
Under Group Attribute Statements (Optional), add:
Click Next, then select your feedback option and click Finish.
| Name | Value |
|---|---|
email | user.email |
FirstName | user.firstName |
LastName | user.lastName |
displayName | user.displayName |
| Name | Filter | Value |
|---|---|---|
groups | Matches regex | .* |
This sends all group memberships. You can use a more specific filter to limit which groups are sent. Group attribute statements are required if you want to use role mapping.
Download metadata and configure Yasu
- On the application page, go to the Sign On tab
- Under SAML Signing Certificates, click Actions → View IdP metadata
- Copy all the XML content (or right-click and save)
- In Yasu, go to Integrations → SSO Configuration and click Configure SSO
- Select Okta as the identity provider
- Enter your company domain
- Paste the metadata XML
- Click Add Domain
Assign users and groups
- Go to the Assignments tab of the Okta application
- Click Assign → Assign to People or Assign to Groups
- Select the users or groups and click Assign → Done
Assigned users can now sign in to Yasu via SSO. New users will be automatically provisioned via JIT provisioning.
Attribute Mapping Reference
When configuring attribute mapping in Yasu for Okta, use these values:| Yasu field | Okta attribute |
|---|---|
| Name attribute | displayName |
| Picture attribute | profileUrl |
| Groups/role attribute | groups |
These are auto-configured when you select Okta as the identity provider during setup.