Configure SAML on Okta

  • Updated

Step 1: Add an Okta application for each tenant

From the Okta admin Applications panel, click Add Application and search for “Benchling for Enterprise” in the Okta gallery.

In the General settings, create and specify a name for the application. Click Done.

Step 2: Configure the application

In the Sign On tab, click Edit and make the following changes:

  1. Uncheck the box next to Disable Force Authentication.

  2. Under Advanced Sign-on settings, fill in:

For the Domain, use the URL of your Benchling tenant. This will look like or

For the Tenant name, use your tenant name. This is most commonly the first portion of the URL. In the example above, acme or acme-validated would be the tenant name, respectively. Note: Benchling Support may provide you with a different value to populate this field.

By default, Okta will send the ${user.firstName} attribute, and this information will be used (along with ${user.lastName}) in order to set the user's Display Name within Benchling. If you would like to use a separate profile attribute to indicate the first name, you can do so by adding a preferredFirstName attribute to your SAML Application.

See instructions from Okta for further assistance.

Step 3: Send Benchling your metadata URL

Look for "Identity Provider metadata is available" on the Sign On tab:

Right click Identity Provider metadata and copy the URL. This is your metadata URL - it should look something like "". Send it to Benchling support, as we will need it to complete configuration on our end.

Step 4: Configure Single Logout [Optional]

If you would like to enable this feature, request the Signature Certificate from Benchling Support. Once it has been provided, check the option labeled “Enable Single Logout” and upload the certificate under “Signature Certificate”.

Step 5: Continue following previous document

Return to SAML Single Sign-On and continue from Step 2.


Was this article helpful?

Have more questions? Submit a request