Configure SAML-based single sign-on (SSO) with Okta

Who can use this feature?

🔐 Only team owners and admins can configure single sign-on (SSO)

⭐️ Available on the standard and premium plan.

Step 1: Prepare the configuration

  1. Log in to Nuclino.

  2. Click the menu button in the top left corner to open the main menu.

  3. Click on your team name and select Team settings.

  4. Go to the Authentication section and choose SAML-based single sign-on (SSO).

  5. Note the ACS URL and Entity ID.

Step 2: Set up Okta for Nuclino

  1. Log in to Okta and click on Add applications in the admin dashboard.

    step-1
  2. Click on Create New App.

    step-2
  3. Select Web as the platform and SAML 2.0 as the sign-on method and click Create.

    step-3
  4. Set the App Name to Nuclino and click Next.

    step-4
  5. Fill out the general SAML settings:

    • Single sign on URL: Enter the ACS URL you noted in Step 1

    • Audience URI (SP Entity ID): Enter the Entity ID you noted in Step 1

    step-5
  6. Add the following attribute statements:

    step-6
  7. Click Next.

  8. Select I'm an Okta customer adding an internal app and click finish.

  9. Click on View Setup Instructions and copy the following data

    1. Identity Provider Single Sign-On URL

    2. Identity Provider Issuer

    3. X.509 Certificate

  10. Go to the Assignments tab to configure who should be able to log in to Nuclino.

Step 3: Integrate Nuclino with your identity provider

  1. Log in to Nuclino.

  2. Click the menu button in the top left corner to open the main menu.

  3. Click on your team name and select Team settings.

  4. Go to the Authentication section and choose SAML-based single sign-on (SSO)

  5. Enter the following information

    1. SSO URL: Enter the Identity Provider Single Sign-On URL you copied in Step 2

    2. IDP Entity ID: Enter the Identity Provider Issuer you copied in Step 2

    3. Public certificate: Enter the X.509 Certificate data you copied in Step 2

  6. Click Save changes.

  7. Optional: Enforce single sign-on (SSO)

After you have successfully set up SSO

Your team can now sign up and log in via your team URL that you can find in your team settings in the section authentication.

  • People who already have a Nuclino account with the same email address as their SSO account can choose to link this account. Afterwards, they can log in using their existing Nuclino account or use SSO instead.

  • For people who don't have a Nuclino account yet, a new account is provisioned when they log in for the first time using your team URL. They can only log in using SSO as long as they don't generate a separate password using Nuclino's reset password functionality.

Users who have already set up SSO for their Nuclino account can also go to the normal login (https://app.nuclino.com/login) and select Log in via single sign-on (SSO).

Questions?

If you have any questions or need help to set up SSO for Nuclino, please contact us.