Skip to main content

Documentation Index

Fetch the complete documentation index at: https://knowledge.deeto.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks through configuring SAML 2.0 single sign-on between Deeto and Okta. Once complete, users in your Okta organization can authenticate into Deeto using your identity provider.
Only existing Deeto users will be authenticated through SAML. Deeto does not provision new users automatically when they sign in via SAML — user accounts must exist in Deeto first.

What you’ll need

  • Okta admin dashboard access
  • The entityID for your Deeto workspace (a GUID provided by Deeto)
Contact support@deeto.ai to obtain your entityID before starting.

Configuration steps

1

Sign in to Okta and create a new app integration

Go to your Okta Admin Console → MenuApplicationsApplicationsCreate App Integration. Select SAML 2.0 and click Next.
2

Set the app name

Enter Deeto as the app name. You can optionally upload the Deeto app icon. Click Next.
3

Configure SAML settings

On the Configure SAML page, under General, set:
  • Single Sign-On URL: https://api.deeto.ai/v1/saml/{entityID} — replace {entityID} with the GUID provided by Deeto
  • Audience URI (SP Entity ID): same entityID value
  • Name ID format: EmailAddress
Leave all other General settings unchanged.
4

Add attribute statements

In the Attribute Statements section, add the following three attributes:
NameName FormatValue
email (lowercase)Unspecifieduser.email
firstName (camelCase)Unspecifieduser.firstName
lastName (camelCase)Unspecifieduser.lastName
5

Preview and continue

Click Preview the SAML Assertion to verify the configuration, then click Next.
6

Complete the feedback step

On the Feedback page, select “This is an internal app that we have created.” Click Finish.
7

Assign users

On the Deeto application page in Okta, go to the Assignments tab and add the users who should have access to Deeto via SAML.
8

Share IDP metadata with Deeto

Under the About section of the Deeto application page, click “View SAML Setup Instructions.” Find the section labeled “IDP Metadata to your SP Provider.” Copy the entire XML text from the text box and send it to Deeto at support@deeto.ai.
9

Test the integration

Once Deeto has processed your IDP metadata, test sign-in by going to your Okta application board and clicking Deeto.

Important notes

  • Only users who already have accounts in Deeto can authenticate via SAML. Deeto does not create new user records when someone signs in through Okta for the first time.
  • Attribute names are case-sensitive: email, firstName, and lastName must be entered exactly as shown.

Support

Contact your Deeto Customer Success Manager or email support@deeto.ai with your IDP metadata XML or any configuration questions.