# Sign-In with SAML (Okta) {% hint style="danger" %} The latest documentation is available [here](https://icehrm.com/explore/docs/sign-in-with-saml-okta/). {% endhint %} {% hint style="warning" %} IceHrm SAML integration only works with IceHrmPro and IceHrm Open Source. This integration will not work with IceHrm Cloud installtions {% endhint %} ## Creating a Test SAML Application in Okta Since you are trying to integrate IceHrm with Okta SAML you should already have a SAML Application created with Okta. But if you don't have an application here is a guide to create your SAML Application: ### Configuring the Okta Application This section describes how to configure the Okta SAML application so it can perform authentication for IceHrm. {% hint style="info" %} We assume your icehrm URL is [http://icehrm.test](http://icehrm.test/). Please replace this with your domain. {% endhint %} 1. On your Okta application following parameters should be set accordingly. ``` Single Sign On URL => http://icehrm.test/app/login.php Recipient URL => http://icehrm.test/app/login.php Destination URL => http://icehrm.test/app/login.php Audience Restriction => http://icehrm.test ``` ![Configuration from IceHrm Test Application](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIKvzzutD6JJ29o0MP%2F-MXIO8neTU7Cvc0aDfhN%2FScreenshot%202021-04-02%20at%2018.22.05.png?alt=media\&token=1cf0d559-e499-4368-af3b-6a7387a909d6) 2\. Then under the "Assignments" tab you need to add some users to this application. Make sure the email \[SAML name id] of these users are the same as the login email for IceHrm. ### Extract Required Configuration from Okta SAML Application 1. Go to the "Sign On" section of your Okta Application ![](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIKvzzutD6JJ29o0MP%2F-MXIPjcuK9HN0uRZ4k5v%2FScreenshot%202021-04-02%20at%2018.27.39.png?alt=media\&token=ed40276c-417c-42ad-8a01-8d70093fad6a) 2\. Click "View Setup Instructions" button. This will take you to a page with some configurations you need to update on IceHrm ### Update IceHrm SAML Configuration 1. Under the System -> Settings, SAML tab update the configuration using the values in previous step. ![IceHrm SAML configuartion](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIQ6_gHXqyfwrCI7Mb%2F-MXQ3F8iJ3MjnSBY24Yt%2FScreenshot%202021-04-04%20at%2006.07.05.png?alt=media\&token=cd98bbc0-be7a-41c9-a79f-de78bd3c9ae7) 2\. Assign users to your Okta SAML application under "Assignments" tab. **Make sure the name id of the assigned user matches the email of a user registered in IceHrm user** under System -> Users ![IceHrm Users](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIQ6_gHXqyfwrCI7Mb%2F-MXQ50oeZmQ-ysJEC5sH%2FScreenshot%202021-04-04%20at%2006.12.07.png?alt=media\&token=f1d96ea8-29a8-48c6-8aa2-fa52621991c1) ![Assigned users in Okta Application](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIQ6_gHXqyfwrCI7Mb%2F-MXQ58Ma0PJTyBJe7QY0%2FScreenshot%202021-04-04%20at%2006.11.19.png?alt=media\&token=59259caf-97b6-4ee2-97ec-8182c2c64b05) ### Enable SAML Sign-In 1. Under System -> Settings -> SAML tab set **"SAML: Enabled"** and **"SAML: Auto Login"** to "1". 2. Then visit your IceHrm login page and you should be redirected to Okta login page. 3. Login in using your Okta credentials.