/console/settings/sso/new/okta.
Prerequisites
- Okta admin access for your org.
- Workspace admin in gavAI on a Scale or Enterprise plan.
- One or more email domains you control (you’ll prove ownership via DNS TXT).
1. Create the SAML app in Okta
- Okta Admin Console → Applications → Browse App Catalog. Search for “gavAI”. If the official integration isn’t visible, fall back to Create App Integration → SAML 2.0.
- App name:
gavAI(orgavAI — <workspace name>if you run multiple). - SAML settings:
- Single Sign-On URL and Audience URI (SP Entity ID): copy both from the gavAI wizard at
/console/settings/sso/new/okta. - Name ID format:
EmailAddress. - Application username:
Okta username.
- Single Sign-On URL and Audience URI (SP Entity ID): copy both from the gavAI wizard at
- Attribute statements:
email→user.emailfirstName→user.firstNamelastName→user.lastName
- Save the app.
2. Assign users / groups
In the new app’s Assignments tab, add the people who should be able to sign in. Group-based assignment is recommended.3. Hand metadata back to gavAI
In Okta’s app Sign On tab → View SAML setup instructions (or Identity Provider metadata), copy the metadata URL. Paste it into/console/settings/sso/new/okta and submit.
4. Verify domains
gavAI shows a TXT record to add at the DNS for each email domain you submitted. Add it; gavAI re-checks every minute until verified.5. Test
Sign out, then sign in athttps://gavai.io/login with an account in your IdP. You should be bounced to Okta, complete the IdP login, and land back in gavAI’s /console.
If something goes wrong, look at /console/settings/sso for the provider’s last-error field, and the tenant audit log at /console/activity for the failed authentication row.