Configuring Reasons for Access with Okta.

This guide provides the steps required to configure SAML with Okta, and includes the following sections:


The following SAML features are supported:

Configuration Steps

  1. Copy the Metadata URL from the Okta Admin Console, SAML 2.0 Sign on methods section.
  2. Contact the reasons for access support team ( and request that they enable SAML 2.0 for your account. Include the "Metadata URL" value from the previous step. The reasons for access support team processes your request.
  3. Create the grantType attribute in the Profile Editor.
    1. Variable name: grantType
    2. Enum:
      • Value: autoGranted
      • Value: authorizedRequest
      • Value: allowedRequest
    3. Required: Yes
    4. Attribute Type: Group
      Setup grant type attribute
  4. Add the grantType attribute to the SAML attributes.
    1. Click Edit and open Attributes (Optional). Note: This only shows up, after you click Edit
    2. Add attribute grantType with value appuser.grantType
      Add attributes
  5. We recommend using groups to assign users, to the Reasons for Access application. And to set the grant-type for the group.
    1. Create three Okta groups for each grant type: Auto Granted, Authorized Request, Allowed Request
      Create Okta groups
    2. Assign the groups to the application with the correct grant type.
      Assign Okta groups
    3. Assign users to the correct groups.

Known Issues/Troubleshooting