Documentation menu

Okta SSO legacy process

Last updated on Disponible en Français

✅ Only Enterprise plans support SSO integration. If you’d like to upgrade your plan to enable SSO, please reach out to our sales team.

SSO can also be combined with User Provisioning through the SCIM protocol.

Prerequisites for activating SSO on your CoderPad account:

  • You must have admin rights for your CoderPad Interview account.
  • You must have identified the proper person at your end who will be able to implement the required configuration changes on your SSO provider account, i.e. your system administrator.

Supported SSO features

The CoderPad Okta integration supports SP-initiated and IdP-initiated SSO logins.

It does not currently support Just-In-Time (JIT) provisioning or Single Logout.

Supported SCIM features

The following SCIM operations are supported:

  • Creating users
  • Updating user attributes (name, family name)
  • Deactivating users
  • Deprovisioning users
  • Group management (Creation / Renaming / Deletion / Assign to users)
  • Importing users in your Identity Provider
  • Importing groups in your Identity Provider

✅ Account-wide failure to login may occur for your users during the configuration process. Reversing the SSO activation on the account can be done at any time if the configuration fails.

ℹ️ At any time, even when the SSO configuration is active, it is possible for an admin to log into the account using email and password credentials as long as the option to enforce SSO is not active

Step 1: Obtain SSO configuration values from CoderPad

To obtain the SSO values you’ll need to give to your SSO provider, you’ll first need to navigate to the Team Settings screen in CoderPad Interview by clicking on that option in the settings menu :gear:.

An arrow pointing to the "team settings" option in the settings menu drop down in the top right of the screen.

Then, scroll down to the Single Sign-On (SSO) section and click on Configure SSO.

A screen shot that says "Single sign-on (SSO)" with a "configure SSO" button below that.

This will open up the SSO configuration screen. In Step 1: Provide Identity Provider Metadata you’ll see the three values you’ll need for your SSO provider:

  • SP Entity ID
  • SP Assertion Consumer URL
  • IDP Login URL
The "step 1: provide identity provider metadata" section with the SP entity id, sp assertion consumer url, and idp login url highlighted.

Step 2: Configure Okta

1. Log on to the Okta Admin interface

Okta "My apps" tab on left nav selected and an arrow pointing to the "Admin" button.

2. In the menu select Applications > Applications:

The "Applications" item in the left nav is highlighted and there is an arrow pointing to the hamburger menu item next to the "okta" logo.

3. Select Create App Integration and then select SAML 2.0. Click Next to proceed:

Arrow pointing to the "create app integration" button in the top right of the window.
"Create a new app integration" page with the "SAML 2.0" option highlighted and selected.

4. Add these general settings:

  • Configure SAML:
    • Single sign on URL = IDP Login URL
    • Audience URI (SP Entity ID) = SP Entity ID
    • Uncheck Use this for Recipient URL and Destination URL
    • Recipient URL = SP Assertion Consumer URL
    • Destination URL = SP Assertion Consumer URL

The resulting SAML settings should look like this:

The SAML settings screen. SSO URL is https://saml.coderpad.io/login?idp=XXX, the recipient and destination url is https://cognito.coderpad.io/saml2/idpresponse, and the audience uri is urn:amazon:cognito:sp:us-east-1_y3aJWInG6.

For the other fields, use these values:

  • Name ID format = Unspecified
  • Application username = Email

5. Add the attribute statements (the SAML won’t work without them):

  • Name = User.Email
  • Value = user.email
The attribute statement window is shown for the User.Email = user.email value.

⚠️ When user.email contains uppercase (even just first letter capitalization) letters, CoderPad won’t be able to match the user so it will end up in an login error. To solve this issue, please review and follow this document from OKTA Support.

This knowledge base article demonstrates how to convert Okta usernames to all lowercase characters when assigning users to an application. The provided solution leverages the Okta Expression Language to create a custom application username format.

In the SAML settings the "application username" entry is shown. it is set to custom, and then String.toLowerCase(user.email) has been entered in the text box. Below that, String.toLowerCase(user.email) is also shown as a value for User.Email key.

6. Next, you’ll need to obtain the Identity provider metadata file from Okta. In the Sign On tab of the Application, copy or download the Identity Provider metadata file.

Sign on methods screen with an arrow pointing to the "identity provider metadata" link.

7. Back on the CoderPad SSO Settings page, upload or paste the file into the respective input box.

The coderpad SSO settings screen is shown with the file selection and xml text box options shown.

7. Test the configuration: Ask one of your users to login through SSO to check that it is working before proceeding to the user provisioning steps.

Adding SCIM User Provisioning

Once SSO has been activated, User Provisioning can be turned on using the SCIM protocol:

1. In Okta, select the CoderPad application then General > App Settings > Edit.

Coderpad configuration screen with an arrow pointing to the "general" tab. The "edit" button in the top right of the app settings section is highlighted.

2. Then under Provisioning select SCIM and click Save.

In the provisioning section the "SCIM" option is selected and highlighted.

3. From the new Provisioning tab, click on Edit in the SCIM Connection section.

Coderpad configuration screen with an arrow pointing to the "provisioning" tab. In the SCIM connection section the "edit" button is highlighted.

4. Enter in the following configurations:

  • SCIM connector base URL = SCIM URL
  • Unique identifier field for users = email
  • Supported provisioning actions = Select all the options
  • Authentication Mode = HTTP Header
  • Bearer Token (HTTP Header > Authorization > Bearer Token) = SCIM Authentication Token

The Test Connector Configuration action should be successful at this point.

5. Edit the provisioning. Navigate to Provisioning > Settings > To App and select Edit:

Codingame configuration screen with an arrow pointing to the "provisioning" tab. in the left nav the "to app" option is highlighted.

6. Check Create Users, Update User Attributes, Deactivate Users.

The provisioning to app screen is shown, with create users, update user attributes, and deactivate user options shown.

7. Click Save.

8. Go to the Push Groups tab of the App

Codingame configuration screen with an arrow pointing to the "Push groups" tab.

9. Click Push groups >Find groups by name

In the push groups dropdown menu there is an arrow pointing to the "find groups by name" option.

✅It is recommended to select all groups assigned to the Okta App

10. Click Save.

11. SCIM provisioned users will automatically have user rights but not admin rights. To manage permissions through SCIM please create different groups and let our support team know which group should have which permissions (Admin or Member); otherwise your CoderPad users may not have the appropriate access.

12. From now on users added to your groups will be automatically created in CoderPad with the proper set of permissions.

✅ After you assign new users with SCIM:

  1. Have them connect through your company’s Okta tile first.
  2. They will then receive an email with a link where they will need to click to verify their email address.
  3. Then they will need to go to https://app.coderpad.io/login and enter their email address once to get created.
  4. Finally, they can click on the Coderpad tile in OKTA to actually login.

13. Proceed to Step 3: Finish SSO configuration in CoderPad to finish up the SSO configuration.

Step 3: Finish SSO configuration in CoderPad

SSO Login Subdomain

Now that you’ve configured your IdP information, you’re able to customize your SSO login subdomain. This will give you a dedicated sign in page specifically for your organization.

Customize Sign-In with the set subdomain of "yourcompany.coderpad.io"


You should direct your users to use this subdomain for login; they’ll be greeted with a welcoming login screen specifically for SSO users to reduce confusion.

However, if one of your users accidentally attempts to login through other CoderPad pages – such as our homepage login button – we’ll redirect them to the correct location upon email input.

Mandatory SSO Enforcement

While we allow organizations to have both SSO and more traditional email/password user accounts, we recommend you enforce SSO login. The benefits of doing this are:

  • Simplification of organization-wide authentication
  • Reduced/simplified IT support requests
  • Ability to add security precautions (such as 2FA)

To make SSO mandatory, simply select the Enforce SSO checkbox in the step 3 section.