Set Up Okta SSO in OnRamp

Last updated: March 13, 2026

Okta Single Sign-On lets your team log into OnRamp using your organization’s identity provider credentials — improving security and simplifying access management across your org.

Note: SSO is an add-on feature. To enable it, contact your Customer Success manager or email support@onramp.us.

Before You Begin

  • You must have Owner permissions in OnRamp.
  • You’ll need access to your Okta Admin Console.
  • Once SSO is toggled on in OnRamp, gather the Assertion Consumer Service (ACS) URL and SAML Entity ID — you’ll need both for Okta.

Step 1: Enable SAML in OnRamp

  1. In OnRamp, go to Settings › SSO.
  2. Toggle Enforce SAML SSO to On.
  3. Copy the Assertion Consumer Service URL and SAML Entity ID. Keep this tab open — you’ll need them in Okta.

Step 2: Create a New SAML App in Okta

  1. In your Okta Admin Console, go to Applications › Create App Integration.
  2. Select SAML 2.0 as the sign-in method and click Next.
  3. Enter a name (e.g., OnRamp) and optionally upload the OnRamp logo.
  4. Click Next to proceed to configuration.

Step 3: Configure SAML Settings in Okta

  1. In Single sign-on URL, paste the Assertion Consumer Service URL from OnRamp.
  2. In Audience URI (SP Entity ID), paste the SAML Entity ID from OnRamp.
  3. Set NameID format to EmailAddress and Application username to Email.
  4. Leave other fields at their defaults and click Next.
  5. Complete or skip Okta’s optional feedback form.

Step 4: Get the Metadata URL from Okta

  1. Once the app is created, go to its Sign On tab.
  2. Copy the Metadata URL.

Step 5: Finish Setup in OnRamp

  1. Return to Settings › SSO in OnRamp.
  2. Paste the Metadata URL into the SAML Metadata URL field.
  3. Click Enable SAML SSO and wait for confirmation.

Important Notes

  • Users must log in through app.onramp.us — IdP-initiated logins from Okta are not supported.
  • Users must exist in both Okta and OnRamp for SSO to work correctly.

Tips & Troubleshooting

  • SSO not working after setup? Confirm the Metadata URL was copied correctly and that the user’s email matches in both Okta and OnRamp.
  • User can’t log in? Make sure they are assigned to the OnRamp app in Okta and have an active OnRamp account.
  • Need to disable SSO? Toggle Enforce SAML SSO off in Settings › SSO.