Integrating Trusona and Okta Cloud IAM

This guide details the steps required to configure Trusona as a passwordless authentication solution for your Okta cloud instance.

1. Prerequisites

Before proceeding, ensure that you have the following steps completed:

  • Admin access to Okta Cloud IAM.
  • Have admin access to the Trusona Dashboard. If your company does not have an account, visit the Trusona Dashboard to create one. Otherwise, consult with the owner of your company’s Trusona Dashboard account in order to create the integration.

2. Getting Started

2.1. Log into the Okta admin portal

If you are logged into the developer portal by default than select the dropdown that reads Developer Console and click Classic UI

If you see this page, click on the Admin button.

Switch to Classic UI
Switch to Classic UI
Click admin button
Click admin button

2.2. Create API token

Navigate to Security > API and then click the Create Token button.

Copy your API token (Token Value) and save it somewhere safe. You will be using it in later steps

Navigate to Security
Navigate to Security
Create and copy API token
Create and copy API token

2.3. Create a group

Navigate to Directory > Groups > click Add Group and create a name and a description.

  1. Name the group Trusona
  2. Provide a group description
  3. Click Add Group

This group is used to prevent users, who are using Trusona for passwordless login, from being prompted for an additional second factor of authentication.

You don’t need to maintain the membership of this group. Group membership is automatically managed by Trusona via the Okta API. Do not add any members to the group.

Create a new group
Create a new group

2.4. Navigating the dashboard

From the Trusona Integration dashboard, navigate to Okta Integrations & click on Create Okta Integration.

Navigate the Trusona Integration dashboard
Navigate the Trusona Integration dashboard

2.5. Inputing Data

4 different input fields will be shown.

  • Name

  • Okta Tenant URL
    • This will look similar to
  • API Token
    • The value from the token you made in Step 2.
  • Group ID
    • This is the value from the URL you copied in Step 3.
Input the required data
Input the required data

2.6. Accessing generated data

Click on Save after entering all relevant information. Trusona will generate data that you will use in the Okta platform. Don’t worry about the warning message regarding “Missing metadata“ for now.

View data
View data

3. Create an Identity Provider

Navigate to Security > Identity Providers > Click Add Identity Provider > Click SAML 2.0 IdP.

Create an identity provider
Create an identity provider

Note: If the “Add Identity Provider” button does not have a drop down then click “Add Identity Provider” and continue with the steps below.

Complete the form to add the new SAML IdP using the information below:

3.1. General Settings

Field Value Instructions
Name Trusona  

3.2. Authentication Settings

Field Value
IdP Username idpuser.subjectNameId
Filter Unchecked
Match against Okta Username
If no match found Create new user (JIT)

3.3. JIT Settings

Field Value Instructions
Profile Master Unchecked  
Group Assignment Assign to specific groups  
Specific Groups Your Group Name Enter the group name created in step 5.
If no match found Create new user (JIT)  

3.4. SAML Protocol Settings

Click the ‘View’ button on the Okta integration in your Trusona Dashboard to view your IdP Issuer URL, IdP Single Sign-On URL, and Signature Certificate.

Field Value Instructions
IdP Issuer URI  
IdP Single Sign-On URL https://<YOUR ORIGIN URL>/saml This is unique to your integration with Trusona. and will look something like
IdP Signature Certificate Download the Signature Certificate by clicking the ‘View’ button on the Trusona Dashboard and clicking ‘Download Certificate’  

Once the information in the tables above has been entered into the form, click the Add identity provider button to continue.

4. Add Origin

Navigate to Security > API > Trusted Origins and click the Add Origin button.

  1. Name your Origin Trusona.
  2. To create your Origin url, copy your IDP Single Sign-On from the Okta integration in the Trusona Dashboard then delete the https:// and /saml. Example:
  3. Enter you newly created Origin URL.
  4. Check both CORS and Redirect checkboxes.

5. Create new Sign-On policy

5.1. Navigate to “Security” > “Okta Sign-on Policy”

To create the new policy, click the Add New Okta Sign-on Policy button.

  1. Enter TrusonaUsers for the Policy Name.
  2. Choose a meaningful description for the Policy Description.
  3. Add the group you created in step 5 in the Assign to Groups section.
  4. Click Create Policy and Add Rule.
  5. Rule Name: Name rule (This rule allows users to authenticate from anywhere).
  6. Ensure that Require secondary factor is unchecked. (If “Require secondary factor” is checked, users may see unnecessary 2FA prompts after using Trusona to login to Okta.)
  7. After creating a rule make sure the new rule is activated.
Create a new sign-on policy
Create a new sign-on policy

6. Create Routing Rule

Note: Do not move onto step 10 until you have completed step 9. Otherwise you may be locked out of your account.

  1. Navigate to Security > Identity Providers > Routing Rules.
  2. Click the Adding Routing Rule button.
  3. Match the fields below.
  4. Click Create Rule.
Create a new routing rule
Create a new routing rule
Field Value
Rule Name Trusona
User’s IP is Anywhere
User’s device platform Any device
User is accessing Any application
User matches Anything
Use this identity provider Trusona

Trusona recommends that this newly created routing rule be placed above existing routing rules. This ensures that users are redirected to the Trusona IdP for authentication. Your specific implementation and/or deployment needs may require the rule to be placed somewhere other than first in the list.

7. Create a Trusona Registration application

The Trusona Registration application helps your users link their Okta account to their Trusona Account. This process guarantees that users are identified by the Trusona IdP with a known and valid Okta identifier. All users that intend to use Trusona to login with Okta should complete the registration process described below before attempting to use Trusona to login to Okta.

7.1. General Settings

  1. Applications > Applications > Add Application.
  2. Click Create New App.
  3. Choose the SAML 2.0 optioon.
  4. Click Create.
  5. Click Next.
Create a new application
Create a new application
Choose SAML 2.0
Choose SAML 2.0
Field Value
App name Trusona
App logo Trusona logo
App visibility Unchecked

7.2. Configure SAML

  1. Navigate to the Okta integration in the Trusona Dashboard -> Click Actions -> Show -> Under “Trusona Registration Application”, copy the IdP Single Sign-on URL. The url will end in /registrations. Example:**/registrations
  2. In Okta, re-open the Trusona application and enter the IdP Single Sign-On URL.
  3. Check on “Use this for Recipient URL and Destination URL”.
  4. Audience URL (SP Entity ID): Enter
  5. Click Next.

7.3. Upload the Okta X.509 Certificate to Trusona

  1. In Okta, Applications -> Applications -> Trusona -> Sign On -> Click View Setup Instructions under “SAML 2.0 is not configure until you complete the setup instructions” prompt -> Scroll down to X.509 Certificate -> Click Download Certificate.
  2. Go to the Trusona Dashboard -> On the left hand side, click on Generic SAML integration and the Okta integration you created will be listed.
  3. Select Actions -> Edit -> Under Certificate click Choose File -> Upload the X.509 Okta Certificate -> Click Save in the bottom left corner.

7.4. Feedback

  1. Click the radio button “I’m an Okta customer adding an internal app”.
  2. Click Finish.
Select the correct configuration
Select the correct configuration

7.5. Create an Assignment

Within the new Trusona application > Assignment > Assign.

  1. Assign to Groups.
  2. Select Everyone.
  3. Click Assign.
  4. Click Done.
Assign to Groups
Assign to Groups
Assign to Everyone
Assign to Everyone

8. Customizing your Trusona experience

The Trusona Gateway (pictured below) includes default styling that will be familiar to your users using the Trusona App.


Optionally, it’s possible to provide a custom branded experience for your users including things like:

  • A custom vanity URL
  • Custom secure QR code colors
  • Your company logo and colors

In order for Trusona to create your custom gateway you need to provide to Trusona hex values and images for the following:

8.1. Provide images

  • Hero image: 1440 x 1800 px
  • Logo image: 500 x 500 px

8.2. Provide hex values

  • Animated dot color: this is the color dots that animate
  • List of QR colors: multiples of the same color will appear more (provide 2 hex values)
  • Link color: also changes the Okta widget button colors
  • Text color:
  • Background color: affects background behind the QR, usually we just do pure white (#FFFFFF)

9. Okta Identifier Registration

Users who intend to use Trusona to login to Okta must complete these required one-time steps.

  1. Download and install the Trusona App.
  2. Register in the Trusona App.
  3. Login to Okta using their existing username and password.
  4. Find, and click on, the Trusona application “chiclet” created in Step 10.
  5. Scan the QR code with the Trusona App.
  6. Accept and complete the Trusonafication.

The user’s Okta identifier has now been linked to their Trusona account and they are now ready to use Trusona to login with Okta.

Please see Integrating Trusona and Okta SCIM for SCIM provisioning.




Get started guides
Implementation guides
Users guides


Mobile SDKs
Server SDKs
Web SDKs


Authentication Service
ID Proofing Service
Mobile Auth for Browsers Service