Okta Integration
Enable your Okta users to sign in to your Shopify store using their corporate credentials with SAML 2.0 or OIDC.
Prerequisites
- Okta admin access (Application Administrator or higher)
- SecurePie Professional or Enterprise plan
- Your SecurePie Organization ID
Setup Instructions
Access Okta Admin Console
Log in to your Okta Admin Console to create a new SAML application.
- 1.Navigate to your Okta admin URL (e.g., yourcompany-admin.okta.com)
- 2.Sign in with your admin credentials
- 3.Go to Applications → Applications
Create SAML Application
Create a new SAML 2.0 application for SecurePie.
- 1.Click "Create App Integration"
- 2.Select "SAML 2.0" as the sign-in method
- 3.Click "Next"
- 4.Enter "SecurePie SSO" as the App name
- 5.Optionally upload the SecurePie logo
- 6.Click "Next"
Configure SAML Settings
Enter the SecurePie SAML configuration in Okta.
- 1.Enter the Single sign-on URL (ACS URL)
- 2.Enter the Audience URI (Entity ID)
- 3.Set Name ID format to "EmailAddress"
- 4.Set Application username to "Email"
// SAML Settings
{
"Single sign-on URL": "https://securepie.com/saml/acs/your-org-id",
"Audience URI (SP Entity ID)": "https://securepie.com/saml/your-org-id",
"Default RelayState": "", // Leave empty
"Name ID format": "EmailAddress",
"Application username": "Email"
}Configure Attribute Statements
Map Okta user attributes to SAML assertions.
- 1.Scroll down to "Attribute Statements"
- 2.Add the required attribute mappings
- 3.Click "Next" when done
// Attribute Statements Name → Value ───────────────────────────────────────── email → user.email firstName → user.firstName lastName → user.lastName // Group Attribute Statements (Optional) Name → Filter ───────────────────────────────────────── groups → Matches regex: .*
Complete App Creation
Finish the application setup and download metadata.
- 1.Select "I'm an Okta customer adding an internal app"
- 2.Click "Finish"
- 3.On the "Sign On" tab, find "SAML Signing Certificates"
- 4.Click "Actions" → "View IdP metadata"
- 5.Save the metadata XML file
Assign Users and Groups
Assign users or groups to the SecurePie application.
- 1.Go to the "Assignments" tab
- 2.Click "Assign" → "Assign to People" or "Assign to Groups"
- 3.Select the users or groups who should have access
- 4.Click "Save and Go Back"
Configure SecurePie
Upload the Okta metadata to SecurePie to complete the integration.
- 1.Log in to your SecurePie dashboard
- 2.Go to Settings → Identity Providers
- 3.Click "Add Provider" → "Okta"
- 4.Upload the IdP metadata XML file
- 5.Click "Save" and test the connection
Advanced: SCIM Provisioning
Enable automatic user provisioning and deprovisioning with SCIM 2.0. When users are added or removed in Okta, changes sync automatically to SecurePie and Shopify.
Supported Operations
- • Create users
- • Update user attributes
- • Deactivate users
- • Sync groups
SCIM Endpoint
https://api.securepie.com/scim/v2/your-org-idCommon Issues
Invalid SAML Response signature
Ensure you're using the correct certificate. In Okta, go to Sign On → SAML Signing Certificates and verify the active certificate matches what's configured in SecurePie.
User not assigned to app
The user must be assigned to the SecurePie application in Okta. Check Assignments tab and ensure the user or their group is listed.
Attributes not mapping correctly
Verify the attribute statement names match exactly what SecurePie expects. Names are case-sensitive (email, firstName, lastName).
Need Help?
Our support team can help you configure Okta, including advanced features like SCIM provisioning and Okta Workflows.