Set up Okta SAML SSO for Glyphic
Last updated: March 26, 2026
This guide describes how to set up Okta SAML SSO authentication for Glyphic.
Step 1: Create a SAML app in Okta
Log in to your Okta Admin account.
Click Admin.
Go to Applications → Applications → Create App Integration.
In the dialog:
Sign-in method: Select SAML 2.0
Click Next.
General Settings:
App name:
Glyphic(Optional) Upload the Glyphic logo
Click Next.
SAML Settings:
General:
Single sign-on URL (ACS URL):
https://saml-prod-8b78cf61bdc911eda56f3950b1ce3d93-eu-west-1.aws.supertokens.io/api/oauth/samlAudience URI (SP Entity ID):
https://saml.boxyhq.comName ID format:
EmailAddressApplication username:
Email
Attribute Statements:
Add the following Name and Value records:
id→user.idemail→user.emailfirstName→user.firstNamelastName→user.lastName
Group Attribute Statements:
Add a group filter so that groups starting with the prefix
Glyphic_are passed to Glyphic.Name:
groupsFilter:
Starts with→Glyphic_
Leave the rest as default unless instructed otherwise by your admin team.
Click Next.
Complete the Feedback page and click Finish.
In the Sign On tab for your new app, click View SAML setup instructions.
Copy the IDP metadata XML — you’ll need to send this to Glyphic.
Step 2: Configure Okta in Glyphic
Reach out to your Glyphic contact or to
support@glyphic.aiSend a message requesting to have Okta SAML SSO enabled
Send the IDP metadata XML from Okta: we'll need this to connect to your account
Glyphic will notify you once setup is complete
Step 3: (Optional) Assign Glyphic roles via Okta groups
If you create the following Okta groups and assign users to them, Glyphic will automatically map these to roles on the next user login:
Glyphic_Owners →
OWNER
Glyphic_Admins →
ADMINGlyphic_Users →
USERGlyphic_Viewers →
VIEWER
Role changes in Okta will be applied the next time the user logs in to Glyphic.
If you don't configure Glyphic role groups, new users will default to USER s
Step 4: Assign users in Okta
In Okta, open your new Glyphic app.
Go to the Assignments tab.
Assign the users and/or groups who should have access to Glyphic.
They can now log in via your Okta SSO page or the Glyphic login screen.
FAQ
How do users log in via SAML SSO?
Once the above setup is complete, users can go to the Glyphic login page, enter their work email address, and they will see a button to log in with SAML SSO.
Do users need to be invited from within Glyphic's User Management page?
No, if you have SAML SSO enabled, you do not need to manually invite users from within Glyphic. Any user who you have granted access to Glyphic within Okta will be able to log in, even if they have not been invited from within Glyphic.
Users who have been invited within Glyphic, but are not assigned access within Okta, will not be able to log in via SAML SSO.
Do I need to assign Glyphic roles via Okta groups?
If you do not configure Okta groups, any new user signing up for Glyphic via SAML SSO will be given the User role.
Does Glyphic support SCIM?
No, SCIM is not supported currently — Deleting or deactivating a user in Okta will prevent them from logging in to Glyphic, but you’ll still need to manually remove them in the Glyphic User Management Dashboard to fully delete their account.
Why do I see a 403 error when clicking the Glyphic tile in Okta?
The Okta tile tries IdP-initiated login, which is not supported as IdP flows are less secure (see this article for more info).
Glyphic's login page supports SP-initiated SAML login (the secure, recommended flow). Your users should navigate directly there to log in.
If you still want Okta homepage tile to direct users to Glyphic you can use this workaround:
Set the Glyphic SAML app tile as hidden in your Okta dashboard.
Create an Okta Bookmark App pointing to
https://app.glyphic.ai/authand show that tile to users instead.Assign users to both apps:
The SAML app enforces access and handles authentication.
The Bookmark app is just a dashboard link that launches Glyphic with SP-initiated SSO.