SSO Configuration for Okta Customers
Archlet allows users to log in with Okta Single Sign-On (SSO), set up through Express Configuration. This document details how to configure SSO for your organization.
Prerequisites
In order to proceed with configuring login with SSO through Okta, you must:
- Have access to an Okta tenant
- Be an Okta administrator of that tenant
- Have an active Archlet App subscription
Supported Features
Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Archlet.
Universal Logout - When enabled, Okta can terminate user sessions and tokens when risk is detected or when an admin initiates logout.
Configuration Steps
Step 1: Request Admin Account
Send an email to support@archlet.ch with the email address you want to use for the Express Configuration admin account.
Step 2: Receive Credentials from Archlet
Archlet support will create an admin account and reply with:
- A temporary password
- An organization name unique to your company
Step 3: Add Archlet App in Okta
- In Okta, go to Applications → Browse App Catalog
- Search for Archlet App and click Add Integration
- Click Done
Step 4: Express Configure SSO
- On the newly created Archlet App application, click the Sign On tab
- Click Express Configure & Universal UL
- Enter the organization name provided by Archlet
- When prompted for credentials, enter the admin email and temporary password provided by Archlet
- On the next screen, approve the connection with Archlet to complete the setup
Step 5: Enable Universal Logout
- Go to the Sign On tab of the Archlet application
- Check the box for "Okta system or admin initiates logout"
Step 6: Notify Archlet
Send an email to support@archlet.ch to confirm that you have completed the Express Configuration setup. Archlet support will then:
- Enable home realm discovery for your domain
- Enable application access so your users can log in
Wait for confirmation from Archlet before proceeding to the next step.
Step 7: Assign Users and Test
Once Archlet has confirmed the setup is complete:
- Assign the admin account to the Archlet application in Okta
- Assign any other users or groups that should have access to Archlet
- Test the login flow by navigating to app.archlet.io and logging in with the admin account
- You should be automatically redirected to your Okta SSO login
Step 8: Confirm Completion
After successfully testing the login flow, send a final email to support@archlet.ch to confirm everything is working. Archlet will then remove the temporary admin account as it is no longer needed.
Since only the SP-initiated flow is supported, Okta recommends hiding the app icon from users to avoid confusion.
SP-Initiated SSO (Logging Into Archlet Using Okta)
The sign-in process is initiated from Archlet.
- From your browser, navigate to app.archlet.io. You’ll see a login screen.
- Enter your enterprise email address
- You will be automatically prompted to authenticate with Okta
- Enter your Okta credentials (email and password) and sign in
If your credentials are valid, you are redirected to the Archlet App dashboard.
Universal Logout
When Universal Logout is enabled, Okta can terminate user sessions across all applications when:
- An administrator initiates a logout from the Okta Admin Console
- The Okta system detects risk and terminates sessions for security
This ensures that when a user is logged out of Okta, they are also logged out of Archlet.
Notes
- Archlet only allows SSO-based login and does not support password-based login for enterprise accounts
- Please ensure that all users who need access to Archlet can authenticate using Okta
Troubleshooting
If you encounter any issues during configuration or login, please contact Archlet support at support@archlet.ch.