SAML 2.0 with Okta - Application Installation Guide (recommended)

Lyndsay Updated by Lyndsay

Okta integration is a premium feature available only on Enterprise Accounts unless otherwise negotiated with your Account Executive.

Our SAML 2.0 integration will allow employees from your organization to log in to EasyLlama without using passwords. Our app is available in the Okta marketplace and alternative instructions are provided here.

We support the following roles:

- EasyLlama admin

- EasyLlama learner

Both already need to be present in your EasyLlama account in order to be able to use the SAML 2.0 login.

Supported Features

The Okta/EasyLlama SAML integration currently supports the following features:

  • SP-initiated SSO
  • IdP-initiated SSO
  • JIT (Just-In-Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

Set up a new Okta app

  1. Install the EasyLlama Okta app
  2. Download the certificates from Okta - Download the certificates from Okta and keep them secure. These will be uploaded on the EasyLlama dashboard. Clicking the View SAML setup instructions will take you to the SAML instructions page which you will need to copy into your EasyLlama dashboard.

Add the SAML settings in EasyLlama

  1. Add the SAML settings to your Easyllama dashboard - Go to your EasyLlama dashboard and click Settings > Authentication. Contact your Account Manager if that option isn't available on your account.

Enter the following items:

  • Single Sign On URL: the URL generated by Okta, e.g.
  • Identity Provider Issuer: the URL generated by Okta, e.g.
  • X.509 certificate: the certificate generated by Okta (.cert file)
  • Once you have entered all the required fields, click Save.

Map the fields in Okta

Go back to Okta and follow these instructions:

  1. Go to the Directory > Profile Editor and select EasyLlama. Add a userType attribute, as displayed below and click 'Save'.
  1. Add the "Training Tags" attribute (optional) - If you would like to assign courses to learners after they log in for the first time, you will need to add the "Training Tags" attribute so that you can assign trainings to their profile. The value should be training_tags
  2. Add the userType attribute
    Go to Applications > Applications and click on the "EasyLlama" application that you just installed.
    Click on Sign on > Settings > Edit and map the attribute that you added to: userType => appuser.userType
    Click 'Save'

Congratulations, your SAML integration is now ready to be used!

Test your SAML login

  1. In Okta: go to Directory > People and click on any user you would like to use for testing purposes. We recommend using your own user.
  2. Click "Assign Applications" and select EasyLlama.
  3. Enter either 'admin' or 'learner' in the User Type field.
  • Admin role: will have access to the EasyLlama admin dashboard and will be able to perform all operations such as adding/removing learners or assigning trainings. They will be provisioned during the first Okta login if they are not in EasyLlama yet.
  • Learner role: will be able to log in to EasyLlama and access the courses assigned to them by an admin. They will be provisioned during the first Okta login if the "Training Tag" field is filled out.
  1. Log in with Okta: Go back to your Okta account. Find your user and assign the "Admin" role. Click on the EasyLlama tile. You should be redirected to your EasyLlama dashboard.


The following SAML attributes are supported:

  • Name










SP-initiated SSO

You can get the SP-initiated link from the SAML Authentication Settings > Copy SAML in Okta.

How did we do?

SAML 2.0 with Microsoft - Manual Configuration Guide

SAML 2.0 with Okta - Manual Configuration Guide