Back to all articles
Tutorials Apr 8, 2026 · 6 min read
Setting up SAML SSO with Okta in 10 minutes
Step-by-step walkthrough with screenshots, including SCIM 2.0 provisioning and group-based role mapping.
Single sign-on isn’t just about user convenience — it’s a foundational security control. Here’s the fastest path to production.
Prerequisites
- Quays workspace on Business or Enterprise plan
- Okta admin access
- 15 minutes
Step 1: Create the SAML app in Okta
In Okta admin, go to Applications → Browse App Catalog → search "Quays" → Add Integration.
Step 2: Configure attribute mappings
- email → user.email
- firstName → user.firstName
- lastName → user.lastName
- groups → user.groups (filter starts with "quays-")
Step 3: Enable SCIM provisioning
In the Quays app within Okta, enable Provisioning → To App. Paste the SCIM endpoint and bearer token from Quays Admin → Authentication → SCIM Setup.
You’re done
Test by assigning yourself to the app. You should land in Quays automatically with the correct role assigned via group mapping.
SC
Written by
Sara Chen
Solutions Engineer
