Skip to main content

Okta SSO


Transform supports login with Okta Single-Sign-On and Provisioning. Both SP-initiated (logins directly from Okta application) and IDP-initiated logins (logins from Transform) are supported. Transform also supports Create Users, Update Users, Deactivate Users, and Import Users Provisioning Functionality.

Enabling Okta


  1. Active Transform and Okta instances
  2. Transform administrator
  3. Okta Administrator
  4. An Okta Administrator must add the Transform application from Okta's Integration Network directory.

Once Transform has been added as an application in Okta, find the "Setup Instructions" link that's provided in Okta in the "Sign On" Tab within the Transform application object. You can also access the instructions here as long as you are signed in to your Okta Admin dashboard since some components of the configuration are tailored to your Okta details.

Visit Okta's documentation for more details on adding an application and provisioning a user for an application. For Provisioning configuration please see this guide.


Currently, users changing their emails within their Okta user profile requires you to notify Transform of the change, until we offer provisioning support. If your users need to change their emails within Okta, please contact


403 Error

If your users see this 403 error when they log into Okta, this means the Okta Admin must add them to the Transform app in Okta.

403 error

Lost Configuration Fields

If you enable Okta and then misplace your SAML Connection Name and Organization ID, remember these were sent to the email of the user that enabled Okta. If you cannot find this email please email

okta details form