Set up Okta SAML single sign-on (SSO) for my team

Feature availability

Important: The BioDigital team must first enable SSO for your account. If you are interested in enabling SSO for your team, contact your dedicated Account Manager or our Customer Experience team.

Use this guide to configure Okta SAML single sign-on (SSO) for your BioDigital Human team. Once enabled, eligible users can sign in using their Okta credentials instead of a separate BioDigital password.

 

Before you begin

Before starting configuration, make sure:

  • Your organization uses Okta
  • You have administrator access to your Okta account
  • You also have administrator access to your BioDigital Human team account

 

Step 1: Create a new SAML app integration in Okta

Start by creating a new SAML app integration for the BioDigital Human in Okta:

  1. Log in to the Okta Admin Console.
  2. Open Applications in the left navigation menu and select Applications.
  3. Click Create App Integration at the top of the page.

     
  4. In the new window that appears, select SAML 2.0 as your sign-in method.
  5. Click Next.
  6. In the App name field, enter BioDigital Human (or your preferred app name).
  7. (Optional) If desired, upload the BioDigital “B” as your app logo: Click to download.
  8. Click Next.

 

Step 2: Configure SAML settings in Okta

Next, configure your new Okta app integration’s SAML settings to work with the BioDigital Human:

  1. Under SAML Settings, enter the following values:
    • Single sign-on URL: https://human.biodigital.com/ws/user/sign/in/okta
    • Check the box next to Use this for Recipient URL and Destination URL
    • Audience URI (SP Entity ID): https://human.biodigital.com/okta/metadata
    • Name ID format: Persistent
  2. Under Application username, select Custom and enter the following expression: user.getInternalProperty("id")
  3. Leave all remaining advanced settings at their default values.
  4. Under Attribute Statements, add the following attributes and values:
    • email (Basic): user.email
    • first_name (Basic): user.firstName
    • last_name (Basic): user.lastName
  5. In the Help Okta Support understand how you configured this application section, check the box next to It’s required to contact the vendor to enable SAML.

  6. (Optional) Complete the remaining questions as desired.
  7. Click Finish.

 

Step 3: Collect your Okta metadata URL

To complete SSO configuration in the BioDigital Human, you will need to retrieve your Okta metadata URL:

  1. Open the BioDigital Human application you just created in Okta.
  2. Navigate to the Sign On tab.
  3. Locate the Metadata URL field and copy the URL value.
  4. Store this value for use in Step 4.

 

Step 4: Configure SSO in the BioDigital Human

The final step is to create your SSO configuration in the BioDigital Human using the metadata URL from Okta:

  1. Log in to the BioDigital Human.
  2. Click the profile icon in the upper-right corner and select Team from the drop-down menu.
  3. Click Manage.
  4. Open the Team Access tab and scroll down.
  5. Under Single Sign-On (SSO) Configuration, click + Add SSO Configuration.
  6. Under SSO Provider, select Okta from the drop-down menu.
  7. Enter a Configuration Name.
  8. Enter the metadata URL you copied in Step 3.3 into the Metadata URL field.
  9. Check the box next to Enable this SSO configuration.
  10. Click Save Configuration.

Success—your Okta SAML integration is now active!
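To confirm that a test sign-in carries the values entered in Step 2, the added example below (not BioDigital's or Okta's code) checks a decoded SAML response against the single sign-on URL, Audience URI, Name ID format and attribute names from this guide. The sample response is constructed, and the helper names and the email-style NameID heuristic are assumptions.

```python
import xml.etree.ElementTree as ET

# Values taken from Step 2 of this guide
ACS_URL = "https://human.biodigital.com/ws/user/sign/in/okta"
AUDIENCE = "https://human.biodigital.com/okta/metadata"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (unsigned, trimmed to the fields checked below)
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
<a:Assertion><a:Subject><a:NameID Format="{fmt}">{name_id}</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/></a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>{aud}</a:Audience></a:AudienceRestriction></a:Conditions>
<a:AttributeStatement>
<a:Attribute Name="email"><a:AttributeValue>ada@example.com</a:AttributeValue></a:Attribute>
<a:Attribute Name="first_name"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
<a:Attribute Name="last_name"><a:AttributeValue>Lovelace</a:AttributeValue></a:Attribute>
</a:AttributeStatement></a:Assertion></p:Response>"""

def sample(**over):
    """Build the constructed sample, optionally overriding one setting."""
    vals = {"acs": ACS_URL, "fmt": PERSISTENT, "name_id": "00u1constructed", "aud": AUDIENCE}
    return SAMPLE.format(**{**vals, **over})

def check_response(xml_text):
    """List mismatches with the Step 2 settings. Configuration check only:
    it does not verify the XML signature and is not an authentication step."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the single sign-on URL")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != ACS_URL:
        problems.append("Recipient is not the single sign-on URL")
    audiences = [e.text for e in root.findall(".//a:AudienceRestriction/a:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append("Audience URI missing")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent")
    elif "@" in (name_id.text or ""):  # heuristic: username expression not applied
        problems.append("NameID looks like an email, not the Okta user id")
    attrs = {a.get("Name"): (a.findtext("a:AttributeValue", "", NS) or "").strip()
             for a in root.findall(".//a:AttributeStatement/a:Attribute", NS)}
    problems += [f"attribute {n} missing or empty"
                 for n in ("email", "first_name", "last_name") if not attrs.get(n)]
    return problems

if __name__ == "__main__":
    print(check_response(sample()) or "matches the Step 2 settings")
```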

 

What to expect after SSO is enabled

Existing users

The next time an existing team member signs in, they will be prompted to link their BioDigital Human account to their Okta account.

Once linked, future logins will occur through SSO.

New users

New team members will be prompted to authenticate through Okta when creating a BioDigital Human account.

If SSO is later disabled, these users will be required to create a BioDigital password.

Administrator fallback login

In the event of SSO failure, administrators are able to sign in with their original password.

For this reason, password setup remains required for all Administrator accounts.

 
