Okta Configuration Guide

How to configure SAML 2.0 for RethinkCare

Read this before you enable SAML

Enabling SAML affects all your employees who use RethinkCare application. Users won’t be able to sign in through their regular sign-in page. They are able to access RethinkCare app through the Okta service.


When using SAML as the SSO mode with provisioning, you need to enable a specific account plan on the application side for silent activation.

Supported features

For more information on the listed features, visit the Okta Glossary.

Supported features

  • Create users
  • Update user attributes (contact support)

Okta can’t update user attributes for Admin users. This is an API limitation.

For more information on the listed features, visit the Okta Glossary.

Backup URL

RethinkCare doesn’t provide a backup sign-in URL where users can sign in using their regular username and password. If necessary, contact Support ([email protected]) to turn off SAML.

Configuration steps (option 1)

  1. Copy the Metadata URL from the Okta Admin Console, SAML 2.0 Sign on methods section.
  2. Contact the RethinkCare support team (for example, [email protected]) and request that they enable SAML 2.0 for your account. Include the “Metadata URL” value from the previous step. The RethinkCare support team processes your request.
  3. Your SAML configuration for RethinkCare is complete. You can start assigning people to the application.


  • Ensure that you entered the correct value in the “Subdomain” field under the General tab. The wrong subdomain value prevents you from authenticating through SAML to .
  • Since only SP-initiated flow is supported, Okta recommends hiding the application icon for users.
  • The following SAML attributes are supported:










The External ID is a required attribute, but it doesn’t have a default mapping. This is because some customers prefer to set it to EmployeeNumber, and others like to set it to emailAddress. Assign the mapping to the correct value for your organization.