> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# SAML: Okta Configuration

> This document provides instructions for creating an application within Okta for compatibility with BloodHound Enterprise.

export const IDPIntro = ({auth_mode}) => {
  const mode = (auth_mode || '').toUpperCase();
  const isOIDC = mode === 'OIDC';
  const href = isOIDC ? '/manage-bloodhound/auth/oidc' : '/manage-bloodhound/auth/saml';
  const label = isOIDC ? 'OIDC' : 'SAML';
  return <Tip>
      See <a href={href}>{label} in BloodHound</a> for order of operations, general {label} setup, and user configuration in BloodHound.
    </Tip>;
};

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

<IDPIntro auth_mode="SAML" />

## Create an Okta Application

1. Navigate to the organization applications page and create a new SAML application integration.

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-63.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=e9f7a2339dccb59760aaf6454789515c" width="956" height="600" data-path="assets/image-2-63.png" />
</Frame>

2. Give the application a name and an icon if desired.

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-64.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=a6c874ef505f42aa11891ea2a62ad790" width="910" height="716" data-path="assets/image-2-64.png" />
</Frame>

3. Once finished, click next to begin setting the SAML configuration for this application.

## Okta SAML Settings

The following SAML settings are required for Okta to integrate with BloodHound Enterprise:

| **SAML Setting**         | **Value**    |
| ------------------------ | ------------ |
| **Name ID format**       | EmailAddress |
| **Application username** | Email        |

## Okta Attribute Statements

The following attribute settings are required for Okta to integrate with BloodHound Enterprise:

|                                                                                                                                          |                 |            |
| ---------------------------------------------------------------------------------------------------------------------------------------- | --------------- | ---------- |
| **Name**                                                                                                                                 | **Name Format** | **Value**  |
| [http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress](http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress) | URI Reference   | user.email |

Complete SAML Integration Configuration

1. Once all the information is entered, your screen should look similar to the example below. Once confirmed, click next to continue.

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-65.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=a49b6b1c4bed6e9edbc73da491339855" width="618" height="1162" data-path="assets/image-2-65.png" />
</Frame>

2. Complete creation of the SAML integration with the following options below:

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-66.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=d62cf9e5e1be545b49569cd64f23c0e8" width="878" height="694" data-path="assets/image-2-66.png" />
</Frame>

3. Once completed you should now see the application home page. You may then click on **View Setup Instructions** to view the integration setup details.

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-67.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=19677f9ee232f79dc858e5dda1f5a9c8" width="736" height="1100" data-path="assets/image-2-67.png" />
</Frame>

4. Copy the metadata provided by Okta and save it into a metadata.xml file.

   **ATTENTION FIREFOX USERS:** FireFox may prepend an additional heading to the metadata.xml file, resulting in an error creating the SAML integration within BloodHound Enterprise. If your extracted metadata.xml looks like the following, delete line 1 try again. See [https://support.mozilla.org/en-US/questions/1387904](https://support.mozilla.org/en-US/questions/1387904) for more details.

<Frame>
  <img src="https://mintcdn.com/specterops/TwsBcJyEWw_Zwex2/assets/image-2-68.png?fit=max&auto=format&n=TwsBcJyEWw_Zwex2&q=85&s=5260def2217e30454e69f1b7801296b5" width="1574" height="136" data-path="assets/image-2-68.png" />
</Frame>

5. Follow the instructions at [SAML in BloodHound Enterprise](/manage-bloodhound/auth/saml) to create the SAML provider in BloodHound Enterprise.