Trusona+Okta Integration Guide


This guide details the steps required to configure Trusona as a passwordless authentication solution for your Okta cloud instance.

Step 1: Email Us

Send an email to with the following information:

  1. Company name

  2. Email domain(s) associated with your Okta users

Trusona will email you back the following: 

  1. IdP Signature Certificate  

  2. Origin URL 

Step 2: Log into the Okta admin portal

If you are logged into the developer portal by default, then open the dropdown and select Classic UI.

Developer portal in Okta.png

If you see this page instead, then select the Admin button; if not, move on to step 3.


Configuring Okta

Note: If the Okta instance is not using MFA or 2FA, you can skip step 3 and move on to step 4.

Step 3: Create API token

Navigate to “Security” > “API” and then click the “Create Token” button. 

Create API token.png

Copy your API token (“Token Value” in the above image) and save it somewhere safe. You will send this to Trusona along with other information in step 8.

Step 4: Add Origin

Navigate to “Security” > “API” > “Trusted Origins” and click the “Add Origin” button.

Trusted Origins.png

Note: If the Okta instance is not using MFA or 2FA, you can skip step 5 and move on to step 6.

Step 5: Create a group

Navigate to “Directory” > “Groups” > select “Add Group” and create a name and a description 

Create a group.png
Add group.png
Name Group.png

You don’t need to maintain the membership of this group. Group membership is automatically managed by Trusona via the Okta API.  Do not add any members to the group. 

Step 6: Create an Identity Provider

Select “Security” > “Identity Providers” > Click “Add Identity Provider” > Add SAML 2.0 IdP 

Note: If the “Add Identity Provider” button does not have a drop down then click “Add Identity Provider” and continue with the steps below. 

Add Identity providers.png
Add SAML 2.0.png

Complete the form to add the new SAML IdP using the information below: 

General Settings.jpg
Authentication Settings.jpg

Once the information in the tables above has been entered into the form, click the “Add identity provider” button to continue. 

Edit Identity Provider.png
SAML protocol settigns.png

Click “Show Advanced Settings” 

Uncheck Sign SAML Authentication Request.



Step 7: Create new Sign-On Policy

Select “Security” > “Authentication” > “Sign on” 

To create the new policy, click the “Add New Okta Sign-On Policy” button. 

Add policy.png
  1. Enter “TrusonaUsers” for the Policy Name 

  2. Choose a meaningful description for the Policy Description 

  3. Add the group you created in step 5 in the “Assign to Groups” section. 

create policy.png

Select “Create Policy and Add Rule” 


  1. Rule Name: Name rule (This rule allows users to authenticate from anywhere) 

  2. Note: Make sure “Prompt for Factor” is unchecked. 

  3. After creating a rule make sure the new rule is activated 

Enable Identity Provider


Active Rule.png
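
The settings from steps 4 to 7 can be checked before anything is sent to Trusona in step 8. The following is an added example, not part of Trusona's or Okta's documentation: it audits JSON that an admin has exported from the Okta REST API, assumes Okta's public field names (`origin`, `protocol.algorithms.request.signature.scope`, `actions.signon.requireFactor`), and uses a hypothetical `audit` function with constructed placeholder values.

```python
# Added example: offline audit of the Okta objects configured in steps 4-7.
# Assumption: field names follow Okta's public REST API. All values in SAMPLE
# are constructed placeholders, not real tenant data.
ORIGIN = "https://gateway.example.invalid"   # placeholder for Trusona's Origin URL
GROUP_ID = "00g-placeholder"                 # placeholder id of the step 5 group

SAMPLE = {
    "trusted_origins": [{"origin": ORIGIN, "status": "ACTIVE"}],
    "group_users": [],
    "idp": {"type": "SAML2", "protocol": {"algorithms": {
        "request": {"signature": {"scope": "NONE"}}}}},
    "policy": {"name": "TrusonaUsers", "conditions": {"people": {
        "groups": {"include": [GROUP_ID]}}}},
    "rules": [{"name": "Anywhere", "status": "ACTIVE",
               "actions": {"signon": {"requireFactor": False}}}],
}

def dig(obj, *keys):
    """Walk nested dicts, returning None if any key is missing."""
    for key in keys:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def audit(cfg, origin_url, group_id):
    """Return a list of findings; an empty list means every check passed."""
    out = []
    if not any(o.get("origin") == origin_url and o.get("status") == "ACTIVE"
               for o in cfg["trusted_origins"]):
        out.append("step 4: Origin URL is not an active trusted origin")
    if cfg["group_users"]:
        out.append("step 5: group already has members")
    if cfg["idp"].get("type") != "SAML2":
        out.append("step 6: identity provider is not SAML 2.0")
    if dig(cfg["idp"], "protocol", "algorithms", "request", "signature", "scope") != "NONE":
        out.append("step 6: SAML authentication requests are still signed")
    if cfg["policy"].get("name") != "TrusonaUsers":
        out.append("step 7: policy is not named TrusonaUsers")
    if group_id not in (dig(cfg["policy"], "conditions", "people", "groups", "include") or []):
        out.append("step 7: policy is not assigned to the step 5 group")
    active = [r for r in cfg["rules"] if r.get("status") == "ACTIVE"]
    if not active:
        out.append("step 7: no rule is activated")
    for rule in active:
        if dig(rule, "actions", "signon", "requireFactor"):
            out.append(f"step 7: rule {rule.get('name')!r} prompts for a factor")
    return out

if __name__ == "__main__":
    print(audit(SAMPLE, ORIGIN, GROUP_ID) or "all checks passed")
```

If steps 3 and 5 were skipped because the instance does not use MFA or 2FA, the group checks do not apply.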

Step 8: Send Trusona your configuration details 

Using send the following information to


  1. API Token Key 

    • From Step 1 

  2. Base URL (URL while logged into Okta) 

    • Found in your browser’s navigation bar 

  3. Assertion Consumer Service URL 

    • Located in Security > Identity Providers by expanding the SAML IdP row 

  4. Group URL 

    • Located in Directory > Groups > Trusona 


Once this information is received, Trusona will provision your Okta integration and notify you by email when the Trusona integration is ready for use.  

Base URL.png
Group URL2.png

Note: Do not move on to step 9 until you have received confirmation from Trusona that your information from step 8 has been provisioned. Otherwise, you may be locked out of your account.

Step 9: Create Routing Rule 

Select “Security” > “Identity Providers” > “Routing Rules” 

To create the new Routing Rule, click the “Add Routing Rule” button. 

Identity Provider.png

When creating the new rule, match the fields to the ones in the image below and click “Create Rule.”

Create rule 2.png

Customizing the experience 

Step 10: Customizing your Trusona experience (optional) 

The Trusona Gateway (pictured below) includes default styling that will be familiar to your users using the Trusona App.  

Trusona Gateway.png

Optionally, it’s possible to provide a custom branded experience for your users including things like: 

  • A custom vanity URL 

  • Custom secure QR code colors 

  • Your company logo and colors 

For Trusona to create your custom gateway, you need to provide Trusona with hex values and images for the following:

  • QR code

  • Foreground color

  • Background color

  • Body text

  • Hero

  • Hero alignment

  • Logo

  • Working with the template

For more information about customizing your gateway please visit the employee implementation get started guide.

Once you have everything needed for your custom gateway please send that information to

Daniel Fischpan