Okta Single Sign On

Prerequisites

Before you begin, make sure you have:

An active Stationwise subscription with SSO enabled for your agency. If SSO is not yet enabled, contact Stationwise Support at [email protected].
Stationwise user accounts already created for everyone who will sign in. Accounts must exist in Stationwise before SSO sign-in will work.
Matching email addresses. Stationwise identifies users by email, so each user's email in Okta must match the email on their Stationwise account.

Supported features

SP-initiated SSO (Single Sign-On) — users start from the Stationwise sign-in page and authenticate through Okta.

This integration does not include account creation during sign-in (no Just-In-Time provisioning), SCIM provisioning, or Single Logout (SLO). Accounts are created by admins in Stationwise; access is controlled by assigning users in Okta, and unassigning a user prevents future sign-in.

For more information on these features, see the Okta Glossary.

Configuration steps

Step 1 — Add the Stationwise integration in Okta

Sign in to the Okta Admin Console.
Go to Applications > Applications, then click Browse App Catalog.
Search for Stationwise and select it.
Click Add Integration.
On the General Settings page, confirm the application label (for example, "Stationwise") and click Done. The sign-in redirect URI is preconfigured for you; you do not need to change it.

Step 2 — Retrieve your OIDC credentials

Open the Stationwise app you just added and go to the Sign On tab (or General tab, depending on your Okta view).
Locate and copy the following three values:
- Client ID
- Client Secret
- Okta domain (your org URL, for example https://your-org.okta.com) — this is used as the OIDC issuer.

Step 3 — Provide your credentials to Stationwise

Send the Client ID, Client Secret, and Okta domain to Stationwise Support at [email protected] (or enter them in your Stationwise SSO settings if your account provides a self-service option). Stationwise uses these values to finish configuring the connection for your agency.

Security note: Treat the Client Secret like a password. Send it through a secure channel and do not share it more broadly than necessary.

Step 4 — Assign users

In the Okta Admin Console, open the Stationwise app and select the Assignments tab.
Click Assign and add the users or groups who should have access to Stationwise.
Only assigned users can sign in. Anyone not assigned will be blocked at login.
Each assigned user must also have an existing Stationwise account with a matching email address.

Step 5 — Confirm with Stationwise

Once Stationwise confirms the connection is configured and enabled for your agency, you are ready to test sign-in.

SSO Process

The sign-in process starts from Stationwise.

In your browser, go to your Stationwise sign-in page.
Enter your email.
You are redirected to Okta. Enter your Okta credentials and complete any required factors.
After successful authentication, you are redirected back to Stationwise and signed in. You must already have a Stationwise account with a matching email address.

Troubleshoot

"User is not assigned to this application." The user signing in has not been assigned to the Stationwise app in Okta. In the Okta Admin Console, open the Stationwise app, go to Assignments, and assign the user (or a group that includes them).

User authenticates with Okta but cannot access Stationwise / sees a "no account" error. The user does not have a Stationwise account, or their Stationwise email does not match their Okta email. Confirm an account exists in Stationwise and that the email addresses match exactly. Accounts must be created by a Stationwise administrator before SSO sign-in will work.

Sign-in fails or returns an error after entering Okta credentials. Verify that the Client ID, Client Secret, and Okta domain provided to Stationwise are correct and current. If you regenerated the Client Secret in Okta, send the new value to Stationwise.

Still need help? Contact Stationwise Support at [email protected].