Product UpdatesStatus PageWorkato Academy
English
Get a trial
Workato Identity
Manage identities and access

# Identity provider user access

You can add users through your external identity provider (IdP). This enables you to authenticate end-user accounts for Agentic access. This authentication method doesn't grant end users access to Workato Orchestrate. You must configure a SAML-based SSO through your IdP before you can provide a user with access.

# Configure your identity provider

Configure your external IdP to use your company-provided Single Sign-on (SSO), such as Okta, to authenticate user accounts.

Complete the following steps to configure your IdP:

1

Sign in to your Okta (opens new window) account.

2

Go to Applications > Applications and click Create App Integration.

Add application in Okta Add application in Okta

Refer to the Okta documentation (opens new window) for more information.

3

Select SAML 2.0 as the Sign-in method and click Next.

Create a new application in Okta Create a new application in Okta

4

Enter a name for the app in the App name field. For example, Workato Agentic or MCP Servers.

5

Click Next.

6

Paste your Workato Single Sign-On URL into the corresponding field in Okta.

7

Select the Use this for Recipient URL and Destination URL checkbox.

8

Paste the Service provider (SP) entity ID into the Audience URI (SP Entity ID) field.

9

Set Name ID format to EmailAddress.

10

Go to the Attribute Statements section and add the following attributes:

Name Value
workato_end_user_name user.displayName
workato_end_user_groups appuser.workato_end_user_groups
11

Click Next.

12

Use the App type drop-down menu to choose This is an internal app that we have created.

13

Click Finish.

14

Go to Directory > People and add one or more users. You must complete the verification steps for each user.

15

Go to Applications > My App > Assignments.

16

Click Assign > Assign to People and add one or more users for My App.

17

Click Done.

18

Go to Applications > [Your App] > Sign On in Okta.

19

Copy the Metadata URL. You must use this URL in the Provide metadata from your IdP section of the Set up a new provider wizard in Workato. Refer to Set up environment authentication for more information.

20

Click Save changes.

Workato Identity
JIT provisioning


Last updated: 2/5/2026, 11:48:05 PM