Skip to content

Single Sign-On

SenseOn supports single sign-on (SSO) via Okta, allowing your users to authenticate to the platform using your organisation's existing identity provider. When SSO is configured, users can log in with their Okta credentials without needing a separate SenseOn password.

💡 SSO is optional. Users can also log in with a username and password regardless of whether SSO is enabled for your organisation. The two methods can coexist.

Prerequisites

  • An active Okta account with administrator access
  • A SenseOn account with Admin role
  • Users who will use SSO must have accounts in both Okta and SenseOn, using the same email address

How SSO Works

When a user selects Sign in with Okta on the SenseOn login page:

  1. SenseOn redirects the user to your Okta login page.
  2. The user authenticates with Okta (password, MFA, or however your Okta policy is configured).
  3. Okta issues a signed JWT token to SenseOn.
  4. SenseOn validates the token and logs the user in.

SenseOn does not receive or store the user's Okta password. All MFA enforcement during the Okta login step is handled by Okta according to your Okta policies.

âš  SenseOn MFA is separate from Okta MFA. If a user has the Active Response role, SenseOn's own MFA requirement still applies. See Multi-Factor Authentication for details.

Configuring SSO

SSO configuration is performed by SenseOn during your onboarding or at your request. Contact support@senseon.io to initiate the setup process. You will need to provide:

  • Your Okta domain (for example, yourcompany.okta.com)
  • The Okta application client ID and client secret
  • The list of Okta groups or user attributes that should map to SenseOn roles (optional)

Logging In with SSO

  1. Navigate to your SenseOn login page.
  2. Click Sign in with Okta.
  3. Complete authentication in Okta (including any MFA your Okta policy requires).
  4. You will be redirected back to SenseOn and logged in automatically.

Fallback to Username and Password

If Okta is unavailable, users can still log in to SenseOn with their email address and SenseOn password by clicking Sign in with password on the login page.

Admins can reset a user's SenseOn password at any time regardless of whether SSO is configured. See User Management for instructions.

User Provisioning

SenseOn does not currently support automatic user provisioning (SCIM) from Okta. User accounts must be created manually in SenseOn before SSO login is possible. The email address in SenseOn must match the email address in Okta exactly.

Troubleshooting

Issue Action
User gets "account not found" after Okta login Check the email address in SenseOn matches their Okta email exactly
User cannot log in via SSO Check Okta application is active and the user is assigned to it in Okta
SSO button not visible on login page Contact SenseOn support — SSO may not be enabled for your organisation

Contact support@senseon.io for any SSO configuration issues that cannot be resolved through the above steps.