# Sign-In with SAML (Okta)

{% hint style="danger" %}
The latest documentation is available [here](https://icehrm.com/explore/docs/sign-in-with-saml-okta/).
{% endhint %}

{% hint style="warning" %}
IceHrm SAML integration only works with IceHrmPro and IceHrm Open Source. This integration will not work with IceHrm Cloud installtions
{% endhint %}

## Creating a Test SAML Application in Okta

Since you are trying to integrate IceHrm with Okta SAML you should already have a SAML Application created with Okta. But if you don't have an application here is a guide to create your SAML Application: <https://developer.okta.com/docs/guides/build-sso-integration/saml2/create-your-app/>

### Configuring the Okta Application

This section describes how to configure the Okta SAML application so it can perform authentication for IceHrm.

{% hint style="info" %}
We assume your icehrm URL is [http://icehrm.test](http://icehrm.test/). Please replace this with your domain.
{% endhint %}

1. On your Okta application following parameters should be set accordingly.

```
Single Sign On URL => http://icehrm.test/app/login.php
Recipient URL => http://icehrm.test/app/login.php
Destination URL => http://icehrm.test/app/login.php
Audience Restriction => http://icehrm.test
```

![Configuration from IceHrm Test Application](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIKvzzutD6JJ29o0MP%2F-MXIO8neTU7Cvc0aDfhN%2FScreenshot%202021-04-02%20at%2018.22.05.png?alt=media\&token=1cf0d559-e499-4368-af3b-6a7387a909d6)

2\. Then under the "Assignments" tab you need to add some users to this application. Make sure the email \[SAML name id] of these users are the same as the login email for IceHrm.

### Extract Required Configuration from Okta SAML Application

1. Go to the "Sign On" section of your Okta Application

![](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIKvzzutD6JJ29o0MP%2F-MXIPjcuK9HN0uRZ4k5v%2FScreenshot%202021-04-02%20at%2018.27.39.png?alt=media\&token=ed40276c-417c-42ad-8a01-8d70093fad6a)

&#x20;2\. Click "View Setup Instructions" button. This will take you to a page with some configurations you need to update on IceHrm

### Update IceHrm SAML Configuration

1. Under the System -> Settings, SAML tab update the configuration using the values in previous step.

![IceHrm SAML configuartion](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIQ6_gHXqyfwrCI7Mb%2F-MXQ3F8iJ3MjnSBY24Yt%2FScreenshot%202021-04-04%20at%2006.07.05.png?alt=media\&token=cd98bbc0-be7a-41c9-a79f-de78bd3c9ae7)

2\. Assign users to your Okta SAML application under "Assignments" tab. **Make sure the name id of the assigned user matches the email of a user registered in IceHrm user** under System -> Users

![IceHrm Users](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIQ6_gHXqyfwrCI7Mb%2F-MXQ50oeZmQ-ysJEC5sH%2FScreenshot%202021-04-04%20at%2006.12.07.png?alt=media\&token=f1d96ea8-29a8-48c6-8aa2-fa52621991c1)

![Assigned users in Okta Application](https://631078622-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LSTAqbcVhk-wxBWPiuv%2F-MXIQ6_gHXqyfwrCI7Mb%2F-MXQ58Ma0PJTyBJe7QY0%2FScreenshot%202021-04-04%20at%2006.11.19.png?alt=media\&token=59259caf-97b6-4ee2-97ec-8182c2c64b05)

### Enable SAML Sign-In

1. Under System -> Settings -> SAML tab set **"SAML: Enabled"** and **"SAML: Auto Login"** to "1".
2. Then visit your IceHrm login page and you should be redirected to Okta login page.
3. Login in using your Okta credentials.

&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://icehrm.gitbook.io/icehrm/api-and-single-sign-on/sign-in-with-saml-okta.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.