---
title: "Integrating Federated Authentication with Okta"
date: "2022-01-28T00:40:02+00:00"
summary:
image:
type: "article"
url: "/acquia-cloud-platform/help/94586-integrating-federated-authentication-okta"
id: "070370b3-c6ed-458d-ac0f-d69966897f10"
---

_Note: This guide includes screenshots and instructions for a third-party platform that could change at any time. Be sure to reference Okta's documentation for the latest information._

Please find full documentation for Federated Authentication [here](/node/56058).

1.  First, an Okta administrator should select **Create New App**. Do not select an application from the App Integration Catalogue. 
    
    ![App integration catalog interface with categories listed on the left and featured integrations like Workday and Salesforce on the right. "Create New App" button visible.](https://acquia.widen.net/content/exaaf7vfr2/web/ka06g000001tvdL00N6g00000VCdgi0EM6g000002WIJz.png?v=2f21625d-d629-415f-ba23-014c7f0f8047)
    
2.  Select **SAML 2.0** as the sign-on method.
    
    ![Options for creating a new app integration in Okta, highlighting SAML 2.0 as the selected sign-in method.](https://acquia.widen.net/content/2ykzfpdm4t/web/ka06g000001tvdL00N6g00000VCdgi0EM6g000002WIK4.png?v=45692418-8720-467c-a3a5-5db42732b82b)
    
3.  In **General Settings**, name the application whatever you prefer. You may also want to select **Do not Display** for the application icon, because users must initiate the login process through Acquia Accounts. They cannot initiate the login process through Okta.
4.  Select **Next**, and move on to **Configure SAML**. At this point, you will need to go back to the Cloud Platform to enter information from Okta, and gather information to bring back to Okta. [Refer to this documentation](/node/56058) for more information.
    1.  You will need to get the ACS Link from the Cloud Platform, and enter it into the **Single Sign on URL** field in Okta. The Cloud Platform will not generate the ACS Link until you’ve entered information from Okta, most of which Okta will not provide until you’ve provided the ACS Link. To work around this issue, do the following:
        1.  On the Cloud Platform, enter placeholder values in the Entity ID and SSO URL fields.
        2.  From Okta, download the **Okta Certificate**. Open the certificate with a text editor, copy the certificate, and paste it into the Cloud Platform as shown in the documentation.
        3.  **Submit** the information on the Cloud Platform.
        4.  The Cloud Platform will generate the **ACS Link** and display it on the subsequent screen.
    2.  Enter the **ACS Link** generated by the Cloud Platform into the Okta field labeled **Single Sign on URL**.
    3.  Enter the **Entity ID** generated by the Cloud Platform into the Okta field labeled **Audience URI**.
    4.  Leave the **Default Relay State** blank.
        1.  **Note:** Some customers have reported an issue where Okta sends a blank RelayState, causing authentication to fail when a user is trying to sign in. Please reach out to Okta support for help with troubleshooting this issue.
    5.  In the **Name ID Format**, select **Email Address**.
5.  Click through the feedback screen to finish the setup in Okta.
6.  Select **View Setup Instructions** in the yellow box to get the information generated by Okta that you need to enter into the Cloud Platform.
7.  Use the information displayed by Okta to update the placeholder values that you entered in the Cloud Platform’s **Register the Identity Provider** screen for **Entity ID** and **SSO URL**. You do not need to replace the Certificate that you submitted previously.
8.  On the Cloud Platform, submit the values, and then select **Enable** on the next screen to enable Federated Authentication.
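
A pre-flight check for the copy-and-paste steps above (the certificate pasted in step 4 and the placeholder values replaced in step 7), written as an added example and not as Acquia or Okta code. The function names, the placeholder strings and the sample certificate bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)
# Constructed stand-in bytes, NOT a real certificate: just enough to exercise the check.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
# Hypothetical placeholder values of the kind entered in step 4.1.1.
PLACEHOLDERS = {"placeholder", "https://placeholder.example"}


def cert_fingerprint(pem_text):
    """Return the SHA-256 fingerprint of the single certificate in pem_text.

    Raises ValueError if the paste was truncated, duplicated or mangled.
    This is a structural sanity check, not a full X.509 parse.
    """
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly 1 certificate block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc
    # A DER-encoded certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data does not look like a DER certificate")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_idp_values(entity_id, sso_url, placeholders=PLACEHOLDERS):
    """Return a list of problems with the values about to be submitted in step 7."""
    problems = []
    for name, value in (("Entity ID", entity_id), ("SSO URL", sso_url)):
        if not value.strip():
            problems.append(f"{name} is empty")
        elif value.strip() in placeholders:
            problems.append(f"{name} still holds a placeholder value")
    url = urlparse(sso_url.strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("SSO URL is not an absolute https:// URL")
    return problems
```

Run `cert_fingerprint` over both the file downloaded from Okta and the text copied into the form; the two fingerprints should be identical before you select **Enable**.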