
How to enable SAML Single Sign-On (SSO) for your Retently account using Okta

Written by Alex Bitca
Updated this week

This article will guide you through enabling SAML Single Sign-On (SSO) for your Retently account using Okta. SAML SSO gives users a centralized and secure way of controlling access to their organizations. When you join an organization that uses SAML SSO, you sign in through the organization’s IdP (Okta), and your Retently account is linked to that external identity.

Important Notes:

  1. SSO is available only on our Enterprise plans.

  2. We only support SAML SSO (no SCIM provisioning).

  3. We do not provide a public UI for SSO self-configuration. Please contact your Customer Success Manager or support@retently.com to enable this feature.

  4. Once SSO is enabled, all teammates for that account must log in via Okta (no local Retently passwords).

1. Contact Retently to Enable SSO

  1. Reach out to your CSM or support@retently.com.

  2. Provide your Retently account details (e.g., company name, your Retently URL or slug).

  3. Let them know you want to enable Okta-based SAML SSO.

Our team will set up an SSO configuration on our end for your Retently account. In the following steps, you will create a custom SAML application within your Okta admin portal and provide us with the necessary details.

2. Create a New SAML App in Okta

  1. Sign in to your Okta Admin console.

  2. Click Applications → Applications → Create App Integration.

  3. Select SAML 2.0 and click Next.

  4. You’ll be asked for SAML Settings like Single Sign-On URL and Audience URI.

    1. For the Single Sign-On URL (also called ACS/Consumer URL), you can use: https://app.retently.com/account/sso/callback

    2. This is our “Assertion Consumer Service” endpoint, where Okta will POST the SAML assertion after login.

    3. For the Audience URI (SP Entity ID), you can enter: retently-saml

  5. Okta then provides (or you can find under “Sign On” → “View Setup Instructions”):

    1. Single Sign-On URL (a.k.a. IdP SSO URL or entryPoint)

    2. Issuer (IdP Entity ID)

    3. X.509 Certificate (the public certificate from Okta)

Tip: If your Okta environment automatically generates “metadata,” you can just copy the relevant fields from that XML. But typically, you’ll see the three pieces of info clearly listed in Okta’s “Setup Instructions” panel.

3. Send Okta SSO Details to Retently

After creating your SAML application in Okta, you’ll need to send the following to Retently:

  1. IdP SSO URL (entryPoint):
    Example: https://example.okta.com/app/abc123/sso/saml

  2. X.509 Certificate (IdP Certificate):
    The base64-encoded string typically found in “View Setup Instructions” in Okta.

Retently will configure your account’s SSO settings in our system with those values. Once we confirm the setup is complete, you’ll be ready to test.

4. Testing the SSO Flow

  1. Open https://app.retently.com/account/sso (or the direct link provided by your CSM).

  2. Retently will redirect you to Okta to authenticate (if you aren’t already signed in).

  3. Okta validates your credentials and sends a SAML assertion back to Retently.

  4. You are logged in to your Retently dashboard without any additional password prompt.

Because this is SAML-based login, no local Retently password is required for SSO-enabled accounts.

5. Enforcing SSO for Your Whole Organization

Note: Once SAML SSO is enabled on Retently’s side, all team members in your Retently account will be required to log in via Okta. We do not offer a “toggle” for password-based fallback.


6. Frequently Asked Questions

Q: Do I need Retently’s certificate?

Only if your Okta admin requires you to upload a “Service Provider certificate” for signing. Retently can provide a public certificate or a SAML metadata XML upon request. In most cases, you can leave “Signed Request” or “Signed Response” off in Okta if not required.

Q: Do you support SCIM?

No. Retently does not currently support automatic user provisioning/deprovisioning. You can manage team members in Retently or via CSV import/manual entry in Okta, but user authentication flows exclusively through SAML.

Q: What if I can’t access my IdP?

If your Okta is down, we can temporarily disable SSO on your Retently account. Please contact support@retently.com.
