Okta SAML

Overview

Bold Penguin supports a wide variety of SAML 2.0 and OAuth 2.0 identity providers for SSO into the Bold Penguin Terminal.

This is specific documentation for creating a SAML 2.0 SSO link between Okta Single Sign-On and the Terminal. Additional information regarding Okta Single Sign-On is available at the end of this document.

In this document you will:

  • Create the Okta applications necessary for the connection
  • Configure the required SSO (Single Sign On) link for authentication
  • Configure user attributes
  • Map roles to users to connect your environment to Bold Penguin

Create Applications

You will create two new applications in the Okta Admin Console for the Bold Penguin beta and production environments.

  1. Navigate to the Admin Console in your Okta org by clicking Admin in the upper-right corner

    • NOTE: If you are in the Developer Console, click the < > Developer Console drop-down in the upper-left corner and then click Classic UI to switch over to the Admin Console in your Okta org.
  2. In the Admin Console, go to Applications > Applications

  3. Click Add Application

  4. Click Create New App to start the Application Integration Wizard

  5. To create a SAML integration, select Web as the Platform and SAML 2.0 for the Sign on method

    [Screenshot: Add application screen]

  6. Click Create

  7. Enter a name for your integration and add any other details you need for your dashboard.

    [Screenshot: Name application screen]

  8. Click Next to switch to the Configure SAML tab

    [Screenshot: Configure SAML screen]

    • NOTE: If you are configuring Okta to support both Partner Portal and Terminal, you need to select Allow this app to request other SSO URLs in the Configure SAML tab and add the SSO URL shown below in step 9. This must be done for each environment.
  9. Use the table below to set the appropriate values for Single sign on URL and Audience URI (SP Entity ID) for each environment

    Production

    • Single sign on URL

      https://boldpenguin-auth.boldpenguin.com/users/auth/saml/callback
    • Audience URI

      https://boldpenguin-auth.boldpenguin.com

    Beta

    • Single sign on URL

      https://boldpenguin-auth-uat.beta.boldpenguin.com/users/auth/saml/callback
    • Audience URI

      https://boldpenguin-auth-uat.beta.boldpenguin.com
  10. Leave Default RelayState blank

  11. Set the Application username to a unique field like email or Okta username

  12. Your claim needs the following minimum set of attributes:

    URI Reference                                                         Value
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname      user.firstName
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname        user.lastName
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress   toLowerCase(user.email)

  13. The group attribute statement maps to the appropriate Okta attribute to pass the Bold Penguin-defined role as part of the claim. For instance:

    URI Reference                                                  Filter
    http://schemas.microsoft.com/ws/2008/06/identity/claims/role   Starts with BoldPenguin

  14. Click Next and then Finish to complete configuration for this application

  15. From the main settings page for your new integration, click the Sign On button

  16. In the SIGN ON METHODS section, locate the Identity Provider metadata link right above the CREDENTIALS DETAILS section

    [Screenshot: Metadata screen]

  17. Right-click the Identity Provider metadata link and select Copy Link Address

  18. Email the metadata URL from step 16 to your Bold Penguin Project Manager

  19. After completing the beta application, repeat these steps for production
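Before emailing the metadata URL, it is worth confirming that an assertion from the new application actually carries the three required claim attributes, a lower-cased email, a role value starting with BoldPenguin, and the Audience URI for the right environment. The checker below is an added example, not Bold Penguin's or Okta's code; it reads a saved assertion (for instance from Okta's SAML assertion preview) and reports each mismatch against the tables above. The build_assertion helper, the sample user and the role value BoldPenguin-User are constructed for illustration only.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
ROLE_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
REQUIRED = [CLAIMS + "givenname", CLAIMS + "surname", CLAIMS + "emailaddress"]
# Audience URI (SP Entity ID) per environment, taken from the table in step 9
AUDIENCE = {
    "production": "https://boldpenguin-auth.boldpenguin.com",
    "beta": "https://boldpenguin-auth-uat.beta.boldpenguin.com",
}

def check_assertion(xml_text, environment):
    """Return a list of problems; an empty list means the assertion is acceptable."""
    root = ET.fromstring(xml_text)
    problems = []
    # Collect attribute values keyed by Name, e.g. {".../givenname": ["Ada"]}
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    for name in REQUIRED:
        if not any(v.strip() for v in attrs.get(name, [])):
            problems.append(f"missing or empty attribute {name}")
    email = (attrs.get(CLAIMS + "emailaddress") or [""])[0]
    if email != email.lower():
        problems.append("emailaddress is not lower-cased; map it with toLowerCase(user.email)")
    if not any(r.startswith("BoldPenguin") for r in attrs.get(ROLE_ATTR, [])):
        problems.append("no role attribute value starts with BoldPenguin")
    audiences = [a.text for a in root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if AUDIENCE[environment] not in audiences:
        problems.append(f"Audience {audiences} does not match {AUDIENCE[environment]}")
    return problems

def build_assertion(audience, attributes):
    """Build a minimal, unsigned assertion as constructed test input (not real Okta output)."""
    parts = [f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Conditions>'
             f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
             '</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>']
    for name, values in attributes.items():
        vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
        parts.append(f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>')
    parts.append("</saml:AttributeStatement></saml:Assertion>")
    return "".join(parts)

if __name__ == "__main__":
    sample = build_assertion(AUDIENCE["beta"], {CLAIMS + "givenname": ["Ada"],
        CLAIMS + "surname": ["Lovelace"], CLAIMS + "emailaddress": ["ada@example.com"],
        ROLE_ATTR: ["Everyone", "BoldPenguin-User"]})
    print(check_assertion(sample, "beta"))        # no problems for the beta environment
    print(check_assertion(sample, "production"))  # reports the Audience mismatch
```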

Assign Users and Roles

Add the appropriate users and groups to the beta and production applications. You must also assign the User role (or other predefined roles) to one or more Okta users. These roles and permissions will be defined by you and your Project Manager based on our role recommendations.

To assign your integration to users in your org:

  1. Click the Assignments tab.
  2. Click Assign and then select either Assign to People or Assign to Groups.
  3. Enter the appropriate people or groups that you want to have Single Sign-On into your application, and then click Assign for each.
  4. For any people that you add, verify the user-specific attributes, and then select Save and Go Back.
  5. Click Done.

Testing

Your Project Manager will confirm receipt of the metadata URLs from the applications above. Once we add these to your tenant, you should be able to log in to the Bold Penguin Enterprise Terminal using the dashboard URL for your domain:

https://[domain].boldpenguin.com/dashboard

NOTE: Replace [domain] with your unique domain provided during on-boarding.

When your users first authenticate into Okta, Bold Penguin receives the roles you mapped above in our authentication layer.

Next, you will work with your project manager to add the appropriate permissions for each role or group.

Useful Okta resources