Prerequisites

Admin rights for your Leexi and Okta accounts.

Create a new Okta application

  1. Go to Applications > Applications in the sidebar.
    1. Click "Create App Integration"
    2. Choose "SAML 2.0"
    3. Click "Next"
  2. General Settings
    1. Give the new Okta application a name. (This is shown to employees.)
  3. Configure SAML
    1. Update the "Single sign-on URL" with the Leexi Reply URL https://api.leexi.ai/users/sso/consume (Make sure "Use this for Recipient URL and Destination URL" stays checked.)

    2. Update the "Audience URI (SP Entity ID)" with the Leexi Entity ID (you can find it here: https://app.leexi.ai/en/settings/security)

      Capture d’écran 2025-03-20 à 14.54.55.png

    3. Click "Next". (No need to touch any other of the SAML settings. Keep them to the default values Okta chooses.)

  4. Feedback
    1. Click "This is an internal app that we have created"
    2. Click "Finish"
  5. Click on the "Sign On" tab
    1. Scroll down to where you see "Metadata URL"
    2. Click "Copy"
    3. Open the copied link
    4. Right click on the page and click on "Save as".
    5. Upload that file to https://app.leexi.ai/en/settings/security in Metadata certificate (XML). (It should be a .xml file.)
  6. Click on the "Assignments" tab
    1. Click "Assign"
    2. Click "Assign to People" or "Assign to Groups", whichever you usually use

SSO is now configured for these users! 🎉

They will now be able to sign in with their Okta credentials.

Enforce SSO login (optional)

If you have followed the steps above, your workspace users can still log in with email/password or already with SSO.

Once all users are onboarded and successfully logged in via SSO, you can enforce this feature to your entire workspace. We alone have the authority to disable this setting to prevent unwanted behavior.