SSO / SAML - Okta

Paycor Legacy Support

May 8th, 2024 Updated

Please note: This article only applies to standalone customers. This article does not apply to those who are integrated into the broader Paycor HCM platform.

Getting Started

After logging into your Okta account, navigate to the top options menu and select Admin > Applications to begin the 7Geese Integration.

After selecting the Applications tab, continue to Add Application. Type in the following to begin the 7Geese+Okta setup: Template SAML 2.0 App

Be sure to select Add to move forward.

After adding the SAML template, you will need to modify several fields in the list to match the following table

Please see the video walkthrough to know where to input the corresponding text into the Okta app.

Note: That in the video it will indicate, this must be updated to to function.


After copying each corresponding text in their fields, move forward with the integration by selecting Next.

At this stage of the integration, you need to assign the Okta application to your team members. You will set the username structure, which is typically the e-mail address of your colleagues, but you can use any text-related username structure. When completed, click Done for Okta to assign the usernames.

Configuring Okta

  1. After setting up the usernames for your team members, you can now begin to link 7Geese to the Okta login application. To get started, click on the Sign On tab, scroll down and click on the View Setup Instructions button.
  2. You will need to make note of the following information under the Configuration Data section as they will transfer over to the SAML setup in 7Geese:
    • The External Key
    • The Public Certificate (NOTE: You will have to download the certificate and open it in a text editor program)
    • Redirect Login URL
    • IDP Metadata URL (copy the URL for the "Public Link" 

Setting Up 7Geese

Begin by accessing Organization Settings in your 7Geese account or go to the following URL:

Enter the parameters from Okta into the 7Geese into the corresponding fields outlined in the table below:

After all data points are entered the page should show you your newly created SAML endpoints that you can then use to finish configuring Okta. These data points are listed at the bottom below the inputted Okta fields. It is important that you do not activate your SAML integration just yet, as there is one final step in Okta.

Finish Setup

  1. You must now go back and edit your previously created 7Geese application information in Okta.
  2. To review the configuration data, click on the General tab and select Edit under App Settings.
  3. Replace the inputted fields at the beginning of the integration with following values gathered from 7Geese: 

Testing The Integration

  1. You should now be ready to test the integration.
  2. You can test the integration directly through the integrations tab under organization settings where you originally setup the Okta SAML parameters. You will want to utilize the Assertion Consumer Service, or SSO Service URL:
  3. Once tested, click Enable to sync Okta to 7Geese. 

Adding new team members

To add new team members after OKTA provider is setup for single-sign-on, invite the new team member from 7Geese. They'll be prompted to setup a password, where they'll be redirected to the login page. From here, they'll be able to select the SAML login option.