Setting Up Marketo SSO with Okta

Version 3

    Issue Description
    You are trying to configure Marketo and Okta for SSO, but encounter errors.

     

    Issue Resolution

    1. Log in to Okta and go to the admin section.

     

    2. Click "add applications" then "create new app" (Do not use the community sourced Marketo app)

     

    3. For platform select "web" and for signon method select "SAML 2.0"

     

    4. Name the app "Marketo" (or any name you prefer) and upload the Marketo logo you would like to see displayed on the login tile, then click next

     

    5. In "SAML Setttings" for the Single sign on URL you will want:

    https://login.marketo.com/saml/assertion/<YOURMUNCHKINHERE>

    . For the Audience URI you will want:

    http://saml.marketo.com/sp

    Default Relay State can be left blank. For Name ID format select "email" or "emailAddress" and for application username you will want to select email (Be sure that your Okta user email matches what is in the login field for your Marketo user within Admin > Users & Roles). Leave attribute statements unused.

     

    6. Select finish and you should be brought to a page where you can select either "view setup instructions or identity provider metadata".

     

    7. One of those links mentioned in the last step will take you to a page where you can retrieve the issuer ID which will be put in the Marketo settings (under both Issuer ID and Entity ID) as well as the certificate you will need to download and then upload into your Marketo SSO configuration.

     

    8. Once you have set the issuer id, entity id, and certificate as described above, confirm that your Marketo User ID Location is set to Subject and then enable SSO. When you hit "save" in the SAML settings window in Marketo, the popup may not close, but your settings are retained and the window can be closed (if you would like to confirm it was saved, you can reload the page and will see the new saved settings)

     

    9. When you first setup SSO it is preferable to have all the SSO users available to confirm there are no issues with a particular user in an otherwise operational SSO configuration. However, if SSO works for one user, then the overall configuration is set correctly.

     

    Disclaimer: Marketo Support does not support 3rd party products, and cannot configure an SSO Identity Provider on your behalf.

    This document exists to aid users in configuring SSO, however, no guarantees are made that these setup steps will work.

     

     


    Who This Solution Applies To
    Okta Users, SSO users