How to Configure SAML 2.0 for Procore

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/Procore SAML integration currently supports the following features:

• IdP-initiated SSO
• SP-initiated SSO

For more information on the listed features, visit the Okta Glossary.

---

Configuration Steps

1. Login to your Procore instance as an administrator.

2. Navigate to TOOLBOX > Admin:

   

3. Select ADMINISTRATIVE SETTING > Single Sign On Configuration, then enter the following:

   • Single Sign On Issuer Url: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Single Sign On Target Url: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Single Sign On x509 Certificate: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Click Save Changes:

   

4. Optional: Contact Procore and ask them to configure Single Sign On Domain for the SP-initiated flows. Provide them with your email domain.

   Important: Enabling Single Sign On Domain for the SP-initiated flows will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service. Procore does not provide backup log-in URL where users can sign-in using their normal username and password. You can contact Procore support to turn off SAML, if necessary.

5. Done!

---

Notes

The following SAML attributes are supported:

Name	Value
Email	user.userName

SP-initiated SSO

1. Open this URL: https://login.procore.com/.

2. Enter your Email address.

3. Click Continue: