Skip to content
English - United States
Contact Support
  • There are no suggestions because the search field is empty.

Setting up Okta SSO

Overview

This guide explains how to configure Single Sign-On (SSO) for Holistiplan using SAML 2.0 with Okta as the Identity Provider (IdP).

Supported features:

  • SP-initiated SSO

  • SAML 2.0 authentication

For general information on SAML setup, see Okta SAML Guidance.

Prerequisites

Before you begin:

  • You must be a Holistiplan firm administrator.

  • Your firm must have SSO Self-Serve enabled in the Holistiplan application.

  • If you do not see SSO options in your Holistiplan settings, contact support@holistiplan.com.

Configuration Steps

Step 1: Obtain Okta Metadata

  1. In the Okta Admin Console, navigate to Applications → Applications.

  2. Search for "Holistiplan SSO" under the "Browser App Integration Catalog".

  3. Click the "Add Integration" blue button.
  4. On the "Sign-On Options" tab, select "SAML 2.0".
  5. Click "Copy" to copy the "Metadata URL" under "Metadata details".
  6. Click "Done" to complete your SAML 2.0 setup.
  7. Open the Metadata URL

  8. Save the file locally; it will be uploaded to Holistiplan in a later step.

Step 2: Configure SAML in Holistiplan

  1. Log in to Holistiplan as a firm administrator.

  2. Navigate to Settings → Security Settings.

  3. Scroll down and enable SSO Self-Serve.

  4. In the SSO Configuration section, select Okta as your Identity Provider.

  5. Click Okta Settings.

  6. Click Import from XML, and upload the metadata file downloaded from Okta.

  7. Click Submit.

  8. Choose whether to:

    • Enable SSO (users can log in via SSO or password), or

    • Enable SSO-only (users can log in only through Okta).

SAML Settings Reference

Setting Value / Description
Single Sign-On URL https://app.holistiplan.com/sso/complete/saml/
Audience URI (SP Entity ID) https://app.holistiplan.com
Name ID format EmailAddress
Application username Email
Default RelayState return_to
Response / Assertion Signature Signed

Attribute Statements (User Mapping)

Okta Attribute Holistiplan Field
user.email Email / Username

User requirements:
Users must already exist in Holistiplan before they can authenticate via SSO.

Testing and Validation

  1. In a private or incognito browser window, navigate to https://app.holistiplan.com.

  2. On the Holistiplan login page, select Sign in with SSO.

  3. Enter your firm’s registered domain or email, then follow the redirect to Okta for authentication.

  4. After successful authentication in Okta, you should be redirected back to Holistiplan and automatically logged in.

  5. Verify that your user information (name and email) matches the values configured in your Okta attribute statements.

Troubleshooting tips:

  • Confirm that the user exists in Holistiplan before testing; new users must be provisioned in Holistiplan prior to using SSO.

  • Ensure that the SAML metadata imported into Holistiplan matches the current metadata from Okta.

  • If authentication fails, review your SAML attribute mappings and verify that the Audience URI and SSO URL match https://app.holistiplan.com.

Support

If you encounter issues during setup or testing, contact Holistiplan Support at support@holistiplan.com.