SSO (SAML 2.0) Integration with Okta

1. Under Settings:  Security and Integrations, enable SSO by enabling SAML2 Single Sign-on.  Click on the Generate button, which will generate a Saml2 Single Sign On URL.

2. Copy the Saml2 Single Sign On URL you just generated in ContractSafe, and use to populate the Okta Saml settings fields ‘Single Sign On URL’ and 'Audience URI (SP Entity ID)'.
Set the Name ID format to EmailAddress, and check the box "Use this for Recipient and Destination URL."  (underneath the Single sign on URL entry).

3. Create an Unspecified attribute named emailaddress set to the value and click next.

4. On the Sign On tab, right click and download linked file as metadata.xml

Note:  If this file is not saved as a .xml file it will not upload in the next step.

5. Back in ContractSafe, upload the Saml metadata file that you saved (metadata.xml) using the button at the bottom of the SAML section in settings:

6. Enter emailaddress in the ContractSafe Email Identifier field:

7. In the Okta Assignments tab, assign users:

8. Test!
9.  If you are experiencing any issues please contact us at or just use the in-product help.

**Note that users must be added in both Okta and in ContractSafe with the same email address, in order for users to access ContractSafe through the SSO integration.