Timely

Connecting Timely with Okta

Plans: Unlimited+ · Permissions: Admins

IntegrationsSingle Sign-On (SSO)HandbookManage users and access all in one place using Okta single sign-on for Timely.

Adding new users to Timely and managing their access has never been easier with our Okta single sign-on integration!

Set-up instructions

First, log into your Okta admin account and click on the Applications dropdown in the left-hand sidebar. Click Applications, then click the “Create app integration” button along the top.

Create app integration in Okta

Make sure you select the SAML 2.0 option as the “Sign-on method” and then click “Next”.

Select SAML 2.0

Enter in and select the various options under the General Settings tab as you’d like and then click “Next”.

General Settings

Enter the following attributes under SAML Settings:

  1. Single sign on URL: https://auth.timely.com/users/saml/auth
  2. Audience URI: https://auth.timely.com/
  3. Default RelayState: https://auth.timely.com/
  4. Name ID format: Unspecified
  5. Application Username: Email

SAML Settings

Scroll down and enter the following Attribute Statements:

NameName formatValue
firstNameUnspecifieduser.firstName
emailAddressUnspecifieduser.email
employeeNumberUnspecifieduser.login
lastNameUnspecifieduser.lastName

Attribute Statements

Once you’ve entered all your Attribute Statements, scroll down to the very bottom and click the “Next” button to finalize this new SSO app.

Now you’ll need to access that newly created SSO app in Okta. Click the Applications drop-down from the sidebar, then click Applications. Click your new SSO app and then the “Sign on” header along the top.

Access SSO app sign-on settings

From the Sign On tab, collect the following values to share with Timely:

ValueWhat it isWhere to find it
Entity IDUnique identifier for the IdPIdentity Provider Issuer
SSO Target URLIdP endpoint where SAML authentication requests are sentIdentity Provider Single Sign-On URL
SLO Target URLIdP endpoint for Single Logout requestsIdentity Provider Single Logout URL
IdP CertificateX.509 certificate used to verify SAML response signaturesSAML Signing Certificates — download the active certificate

If your Okta admin console shows the older layout instead, click the “View SAML setup instructions” button at the bottom of the Sign On tab to find the same fields, and use the “Download certificate” button for the certificate.

View SAML setup instructions

Identity Provider URLs

Completing setup

You’re all set! Contact the Support Team at Timely by emailing us at [email protected] to finalize the integration.

In that email, please include:

  • The Entity ID, SSO Target URL, and SLO Target URL from the table above
  • The downloaded certificate — paste or attach the full PEM-encoded certificate, including the BEGIN/END lines
  • A list of the email domains in use by your organization (e.g. “@organization.com” or “@companyname.org”)

We’ll circle back to let you know once everything has been confirmed and enabled on our end!

Troubleshooting SAML login issues

If you encounter errors during SAML login, Timely now displays a unified error page with detailed information to help diagnose the issue:

  • Reference ID: A unique identifier for the error occurrence
  • Reason code: Specific code indicating the type of error
  • Issuer checksum: Information about the identity provider
  • Timestamp: When the error occurred

Common SAML error scenarios include:

  • Replay protection: The sign-on response has already been used
  • Request correlation: The response doesn’t match an authentication request we issued
  • Cross-tenant issues: The assertion belongs to a different account
  • Invalid assertions: The SAML response format is incorrect

If you see a SAML error page, please include all the support details when contacting [email protected] for assistance.

Last updated June 18, 2026