
Set up SAML SSO with Okta

This guide walks through creating an Okta SAML 2.0 app and connecting it to your Nylas organization. Complete domain verification and the Custom SAML step before following these instructions.

You need an Okta Developer account (free) or an existing Okta org.

To find the Nylas service provider (SP) values you need, go to Settings > SAML SSO in the Nylas Dashboard, then expand the Connect your identity provider step. The SP values appear under Service provider details for your IdP.

| Nylas SP value | Where to paste it in your IdP |
|---|---|
| Metadata URL | Import metadata URL (if your IdP supports it; this imports SP Entity ID and ACS URL automatically) |
| SP Entity ID | Audience URI, Audience Restriction, or Identifier (Entity ID) |
| ACS URL | Single sign-on URL, Reply URL, or Assertion Consumer Service URL |

  1. In the Okta Admin Console, go to Applications > Applications and click Create App Integration.

  2. Choose SAML 2.0 and click Next.

  3. On the General Settings tab, enter an app name (for example, Nylas Dashboard) and click Next.

  4. On the Configure SAML tab, fill in the SP values from your Nylas Dashboard (Connect your identity provider step):

    • Single sign-on URL: paste the ACS URL.
    • Audience URI (SP Entity ID): paste the SP Entity ID.
    • Leave Default RelayState empty.
    • Set Name ID format to EmailAddress.
    • Set Application username to Email.
  5. Under Attribute Statements, add the following:

    | Name | Name format | Value |
    |---|---|---|
    | email | Unspecified | user.email |

  6. If you plan to use group-to-role mapping, add a Group Attribute Statement:

    | Name | Name format | Filter |
    |---|---|---|
    | groups | Unspecified | Matches regex .* (or a more specific filter for the groups you want to send) |

  7. Click Next, select I’m an Okta customer adding an internal app, and click Finish.

Get Okta metadata and complete setup in Nylas

  1. On the app’s Sign On tab, click View SAML setup instructions.
  2. Copy the IDP metadata XML shown at the bottom of the page (or note the Identity Provider metadata URL).
  3. Back in the Nylas Dashboard (Connect your identity provider step), paste the metadata XML into the IdP Metadata XML field or click Upload XML file, then click Save configuration.

The Connected IdP card confirms the saved SSO URL and entity ID.

SAML login only works for Okta users who are assigned to the app.

  1. In the Okta Admin Console, go to the app’s Assignments tab.
  2. Click Assign and choose Assign to People or Assign to Groups.
  3. Select the users or groups you want to grant Dashboard access to and click Done.

To test the login:

  1. Open a private browser window.
  2. Go to the Nylas Dashboard login page.
  3. Enter an email on your verified domain and click Continue.
  4. You should be redirected to the Okta sign-in page.
  5. Sign in and confirm you land in the Dashboard.

If login fails, see Troubleshooting.