Single Sign On Set Up - Okta

Written By rosa.elliscook (Administrator)

Updated at November 19th, 2025

This article will provide the steps required to set up Nomos One single sign on access for your organisation, using Okta as the identity provider.


App Creation

  1. Sign in to the Okta dashboard.
  2. In the Overview section, click the “Add an app” link under “SSO Apps”.
  3. On the Applications page, click the “Create App Integration” button.
  4. On the “Create a new app integration” modal, select “SAML 2.0” and click “Next”.
  5. Enter the name of your app, and click “Next”. 

At this point, you should be on the “Create SAML Integration” page:

Single Sign On setup

  1. In the “SAML Settings” section, enter the Single sign-on URL and Audience URI (SP Entity ID) values from the prerequisites, and make sure “Use this for Recipient URL and Destination URL” is checked.
  2. Update “Name ID format” to “Persistent”.
  3. Update “Application username” to “Email”.

Attribute Statements (optional)

  1. Update the following:
    1. For “Name”, enter: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    2. For “Name format”, enter: URI reference
    3. For “Value”, enter: user.email

The majority of the setup within Okta is now done. The certificate conversion still needs to be done, but will be processed after the Cognito configuration, which is handled by the Nomos One team.

Certificates

  1. In Cognito, go to the IdP page for the provider created in the previous step.
  2. Click “View signing certificate”.
  3. Click “Download as .crt”.
  4. Click “View encryption certificate”.
  5. Click “Download as .crt”.

Once the certificates are downloaded and converted, we can move to the final steps:

  1. Return to the application you created in Okta.
  2. Click on the “General” tab.
  3. Under “SAML Settings”, click “Edit”. 
  4. Click on “Next”, then “Show Advanced Settings”.
  5. Update the following:
    1. For “Response”, choose: “Signed”.
    2. For “Assertion Signature”, choose: “Signed”.
    3. For “Assertion Encryption”, choose: “Encrypted”.
    4. For “Encryption Certificate”, upload the Encryption Certificate from AWS.
    5. For “Signature Certificate”, upload the Signing Certificate from AWS.
    6. For “Sign Requests”, choose: “Validate SAML requests with signature certificates”.

Once the above is done, the “General” section should look something like this:

To finish up, leave all other fields as default, and click “Next”, then click “Finish”.

The setup process will now be complete, and your organisation can begin using single sign on to access Nomos One.
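To confirm the settings above took effect, you can inspect a SAML response captured from a test login. The following is an added example, not Nomos One or Okta code; it checks only that the expected elements are present (it does not verify signatures), and the URL and sample documents in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_response(xml_text, expected_acs):
    """Findings for a captured Response (presence checks, no signature verification)."""
    root, out = ET.fromstring(xml_text), []
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    if root.find("ds:Signature", NS) is None:
        out.append("Response is not signed")
    if root.find("saml:Assertion", NS) is not None:
        out.append("Assertion is sent unencrypted")
    elif root.find("saml:EncryptedAssertion", NS) is None:
        out.append("no assertion in Response")
    if root.get("Destination") != expected_acs:
        out.append("Destination differs from the Single sign-on URL")
    return out

def check_assertion(xml_text):
    """Findings for an Assertion after decryption (or captured before encryption)."""
    root, out = ET.fromstring(xml_text), []
    if root.find("ds:Signature", NS) is None:
        out.append("Assertion is not signed")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        out.append("NameID format is not persistent")
    email = [a for a in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)
             if a.get("Name") == EMAIL_CLAIM]
    if not email:
        out.append("emailaddress attribute is missing")
    elif email[0].get("NameFormat") != URI_FORMAT:
        out.append("emailaddress NameFormat is not URI reference")
    return out

# Constructed samples; ACS stands in for the Single sign-on URL from the prerequisites.
ACS = "https://sp.example.test/acs"
XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
SAMPLE_RESPONSE = ('<samlp:Response %s Destination="%s"><ds:Signature/>'
                   '<saml:EncryptedAssertion/></samlp:Response>' % (XMLNS, ACS))
SAMPLE_ASSERTION = ('<saml:Assertion %s><ds:Signature/><saml:Subject>'
                    '<saml:NameID Format="%s">constructed-id</saml:NameID></saml:Subject>'
                    '<saml:AttributeStatement><saml:Attribute Name="%s" NameFormat="%s"/>'
                    '</saml:AttributeStatement></saml:Assertion>' % (XMLNS, PERSISTENT, EMAIL_CLAIM, URI_FORMAT))
```

An empty list from both functions means the captured response matches the settings in this article; each string returned names the setting to revisit.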

