Skip to main content
All CollectionsSet Up TorqSet Up Single Sign-On (SSO)
Set Up Torq SSO: Okta SAML 2.0 from App Catalog
Set Up Torq SSO: Okta SAML 2.0 from App Catalog

Follow this guide to set up Single Sign-On (SSO) with Okta using SAML 2.0 via the Torq app in the Okta App Catalog.

Updated over 5 months ago

You can configure SSO with Okta as the IdP and SAML 2.0 as the authentication and authorization protocol by using the Torq application from the Okta app catalog.

This guide includes several configurations that have to be made to the Torq catalog app.

If you encounter a problem following this guide, you can follow these instructions to configure SSO with Okta and SAML 2.0 by creating a new application in Okta.

Required permissions

To set up SSO with Okta, you need the following permissions:

  • Torq: Workspace owner

  • Okta: Administrator

1. Create the Torq App in Okta

1. Log in to your Okta portal and go to Applications > Browse App Catalog.

Screenshot of navigating to the app catalog in Okta.

2. Search for and select Torq.

Screenshot of searching for and selecting Torq app in Okta.

3. On the Torq page click the Add Integration button.

Screenshot of clicking the add integration button for the Torq app.

4. Select the Do not display application icon to users check box and click Done.

Screenshot of the do not display app icon to users checkbox.

5. Go to the Sign On tab and click Edit.

Screenshot of the sign on tab on the Torq app page.

6. Select a filter from the groups drop-down menu and provide a value:

  • We recommend you use the Matches regex filter with the .* value to pass on any user group value.

  • Another option is to use the Starts with filter with the value Torq to pass on only user group values that start with Torq.​

    Screenshot of selecting groups for Torq using regex match.

7. Click Save.

8. Click View SAML setup instructions.

Screenshot of viewing the SAML setup instructions in Okta for Torq app.

9. Copy and save the values for the following fields. You'll need them when configuring SSO in Torq.

  • Sign-On URL

  • Issuer URL

  • Public Certificate

Screenshot of the SSO fields required for setting up SSO in Torq.

10. Assign the Torq application to the relevant users and groups in Okta.

Screenshot of assigning Okta groups to Torq app.

2. Set up SSO in Torq

Sign in to Torq as an Owner to perform the following steps.

1. Go to Settings > SSO Login.

2. In the IdP Connection section click Add.

3. Select the SAML 2.0 protocol.

Screenshot of the SAML 2.0 configuration screen in Torq.
  • When using a Safari browser v16.1 or newer, the Login redirect URL must be US: https://app.torq.io/__/auth/handler or EU: https://http://app.eu.torq.io/_/auth/handler. If this isn’t the case, you should contact Torq support and ask them to update this URL for your workspace before you continue.

  • Contact Torq support if you need to change the Login redirect URL.

4. Enter the values for the following fields that you copied and saved from Okta.

  • Sign-On URL

  • Issuer URL

  • Public Certificate

5. Click Save.

3. Define SSO Claims Mapping

The claims mapping defines the role that logged-in enterprise users are assigned in the Torq workspace.

The mappings are interpreted in an ordered, top-down manner. The mapping assigning the highest privilege should be listed first and the other mappings should be listed in descending privilege order. A user is assigned a role according to the first match, disregarding any following assignments.

1. Click Add to create a new claim mapping rule.

2. Provide the following elements for each claim mapping rule:

  • Name: The claim (field) provided by the Identity Provider. Specific frequently used claims include email for a particular user or groups.

  • Value: The expected value for the claim to assign a specific role to the user. Claim values are case-sensitive.

3. Create as many claim mapping rules as you need.

Add claims mapping in Torq

4. Sign in to Torq Using SSO

There are 2 ways to sign in to Torq:

  • Go to app.torq.io (or app.eu.torq.io if you're in the EU), select Use Single Sign-On, and enter your email (SP-initiated flow).

    Torq SSO
  • From the Okta Apps portal, by using the Bookmark app after you follow the instructions below (IdP-initiated SSO isn't supported with SAML 2.0 but you can simulate it with the Okta Bookmark app).

Sign in to Torq from Okta

Add an Okta Bookmark App integration to display the Torq application to Okta users. You can customize the Bookmark App integration to display the Torq logo.

1. In the Okta portal go to Applications > Browse App Catalog.

2. Search for and select the BookMark App.

3. Click Add Integration.

Add a Bookmark App integration in Okta

4. Provide the following configuration values:

5. Go to Assignments to assign the Bookmark app integration to the relevant users.

6. Download the Torq logo attached to this article.

7. Click the edit icon on the logo tile, browse for the new logo file, and then select Update Logo.

Update the Bookmark App integration logo

Okta users now have an application icon on their desktop that simulates the Okta IdP-initiated flow to sign in to Torq.

Did this answer your question?