# How do I set up SAML SSO with Okta?
In this article, you will receive a step-by-step guide to setting up SAML SSO, provided you are using Okta as your identity provider. If you are looking for instructions for setting up the SSO login at sipgate, [you can find them here](https://help.sipgate.de/hc/de/articles/13437518031645-Wie-richte-ich-einen-SSO-Login-f%C3%BCr-mein-Unternehmen-ein-).
{% stepper %}
{% step %}
**Create app integration**
Log in to Okta as an admin, go to the **Applications** and click on **Create App Integration**.
In the next step, select **SAML 2.0.** .
{% endstep %}
{% step %}
**Name app**
You also have the option of giving the created app any name you like and adding an icon. Then click on **Next**.
{% endstep %}
{% step %}
**Configure SAML**
In the following, configure the SAML integration by entering sipgate's service provider data in Okta. Enter the data as follows: **ACS URL --> Single Sign-On URL** and **Entity ID --> Audience URI (SP Entity ID)**. Also check the box for **Use this for Recipient URL and Destination URL**.
Next, select the option **Name ID** on **EmailAddress** and the **Application username** on **Email**.
{% endstep %}
{% step %}
**Complete setup**
In the next step, answer the question "Are you a customer or partner?" with "I'm an Okta customer adding an internal app", and in the **App type** section, select "It's required to contact the vendor to enable SAML". Then click on **Finish**.
{% endstep %}
{% step %}
**Transfer IdP data**
You can find the overview of the sipgate configuration under **Applications** **-->** **Sign on** **-->** **Sign on methods**. In this overview, you will find the identity provider data that must be entered at sipgate. Click on **More Details**to expand all data.
Enter the following data in the SSO section at sipgate (identity provider data): **Sign on URL --> SSO URL** and **Issuer --> Entity ID**. Download the certificate from Okta using the download button.
{% hint style="info" %}
Download the certificate using the download button. If you use the copy button, not all required information will be included.
{% endhint %}
Open the certificate with the default text editor. Copy the certificate text from the editor and paste it into sipgate under Certificate.
{% hint style="warning" %}
**Important:** Make sure that the sipgate application is activated in Okta.
{% endhint %}
{% endstep %}
{% step %}
**Enable SSO at sipgate**
Once you have successfully completed these steps, the interface between sipgate and Okta should be set up. You can then enable the SSO login via the toggle at sipgate.
{% endstep %}
{% endstepper %}
#### Errors and solutions
Error message: "An error has occurred. Please try again. Back to login."
**Cause**: The web user with Google SSO was deleted and created as a new web user. In the Google SSO database, the old web user is still linked.\
**Workaround**: inform sipgate Support so that the Google SSO entry is deleted. Then test again whether the next Google SSO login works.\
**Solution**: we are working on a solution so that when a web user is deleted, the Google SSO deletion is also carried out.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://help.sipgate.de/cloud-telefonanlage/en/account-management/login/wie-richte-ich-saml-sso-mit-okta-ein.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.