Who can use this feature?
Plan: Call Center AI
Managed from: Admin Portal
Other: Okta admin privileges
Krisp single sign-on (SSO) uses SAML 2.0. This article walks you through the up-to-date team-level Okta setup (custom SAML app), and includes optional SCIM steps for automated user provisioning.
Before you begin
- Make sure you can access the Krisp Admin Portal for your team.
- Make sure you have admin permissions in Okta.
- If you plan to use SCIM, you must configure SAML SSO first.
Configure SSO
Step 1: Open Krisp SSO settings
- Go to the Krisp Admin Portal.
- Open Team Settings >>> Security >>> Authentication.
- Check the Enable SSO box.
- Click SAML to open the Configure SAML panel.
- Keep this panel open, as you'll copy values from here during the Okta setup.
See also
For a general overview of Krisp SSO, see Getting Started with Krisp SSO.
Step 2: Create a SAML 2.0 app integration in Okta
- In Okta, go to Applications >>> Applications.
-
Click Create App Integration.
- Select SAML 2.0 as the sign-on method.
-
Click Next.
General Settings
- Enter an App name (example: Krisp).
- (Optional) Upload an App logo (PNG/JPG/GIF).
- Click Next.
Configure SAML
In the Configure SAML screen, set:
- Single sign on URL: Copy the Reply URL (Assertion Consumer Service URL) from Krisp and paste it here.
- Audience URI (SP Entity ID): Enter a custom value (example: Krisp).
- Application username: Select Okta username.
Finish setup
- Select This is an internal app that we have created.
- Click Finish.
Step 3: Add the email attribute (required)
- Open the app's Sign On settings.
- Click Show legacy configuration, then click Edit.
- Under Profile Attribute Statements, add:
- Name: email
- Value: user.email
Step 4: Copy Okta SSO details into Krisp
- In Okta, scroll to the Sign On Settings area.
-
Click View SAML setup instructions.
- Copy the following values from Okta into Krisp settings:
- Identity Provider Single Sign-On URL >>> paste into the matching Krisp field
- X.509 certificate (certificate text) >>> paste into the matching Krisp field
-
In Krisp, click Configure to save.
Step 5: Assign users or groups (who can sign in via SSO)
- In Okta, open your Krisp SSO app and go to the Assignments tab.
- Click Assign and choose:
- Assign to People, or
- Assign to Groups
- Assign the users or groups who should be able to sign in to your Krisp team using SSO.
Once assigned, users can sign in using your team slug and authenticate through Okta.
Notes and limitations
- The team slug is modifiable, but must be unique.
- If you belong to multiple Krisp teams with SSO, you can't use your email instead of the team slug during sign-in.
- You can enable Enforce SSO only if you (as an Admin) are currently logged in via SSO.
Optional: Set up SCIM provisioning in Okta
SCIM lets Okta automatically provision, update, and deactivate users in Krisp. Recommended for teams managing large user bases.
Note
When SCIM is enabled, do not use Assign to Groups in Okta. Manage user provisioning through SCIM instead.
Step 1: Enable SCIM in Krisp
- In the Krisp Admin Portal, go to Team Settings >>> Security >>> Authentication.
- Click SCIM.
- Turn on Enable SCIM.
- Copy the values shown:
- SCIM token
- SCIM endpoint
Step 2: Enable provisioning in the Okta app
- In Okta, open the Krisp SSO integration app.
- Go to General (General settings) and click Edit.
- Select SCIM as the provisioning option.
- Click Save.
- Go to the new Provisioning tab and click Edit.
Step 3: Configure SCIM connection details
In Okta Provisioning settings, set:
- SCIM connector base URL: paste the SCIM endpoint from Krisp
- Unique identifier field for users: email
-
Supported provisioning actions:
- Import New Users and Profile Updates
- Push New Users
- Push Profile Updates
- Authentication Mode: HTTP Header
- Authorization: paste the SCIM token from Krisp
- Click Test Connector Configuration, confirm it succeeds, then click Save.
Step 4: Enable provisioning actions to Krisp
- In Okta, under Provisioning, open To App and click Edit.
- Enable:
- Create Users
- Update User Attributes
- Deactivate Users
- Click Save.
What to expect
- When SCIM is active, provisioning and deprovisioning should be done from the IdP (Okta), and users appear in Krisp right after they're added in Okta.
- When only SAML SSO is active (no SCIM), users typically appear in the Krisp dashboard after they sign in the first time.