Okta Self-Service Setup Option (Okta Express Configuration)

Overview

The Express Configuration method uses Okta's Integration Network (OIN) or a template-based approach to simplify the SAML setup. Rather than manually entering all SAML fields, the integration is partially pre-configured, and you complete a shorter guided flow.

Steps
  1. Access the Okta Admin Console. Navigate to Applications → Applications and click Browse App Catalog. Search for the relevant app or use an Express Configuration template if provided by Conduit.
  2. Launch Express Setup. If an OIN or template link is provided by Conduit, clicking it will auto-populate the SAML fields (SSO URL, Audience URI, etc.) in your tenant. Review and confirm each value matches what is listed in the Standard SAML Settings section above.
  3. Assign Users and Groups.
    1. Assign the conduit-* groups to the application as described in the Group Membership Configuration section.
    2. Ensure the Group Attribute Statement (groups, Regex: .*) is still configured, as this is required regardless of setup method.
  4. Configure Attribute Mappings. Verify that the email, given_name, and family_name attribute statements are correctly mapped. Express setup may pre-populate these, but they should be reviewed for accuracy.
  5. Configure Role/Permission Mapping (Optional). If role-based access control is needed beyond group membership, you can define additional attribute statements or use Okta's group rules to automate group assignment. See the OX Security express config guide – Step 5 for a detailed walkthrough of this pattern, which can be adapted for Conduit's group structure.
  6. Retrieve and Share IdP Metadata. Once setup is complete, download or copy:
    1. Identity Provider SSO URL
    2. X.509 Certificate

Send both to the Conduit team along with your conduit-* group IDs to complete configuration on the Conduit side.
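
To confirm steps 3 and 4 after a test sign-in, the script below checks a decoded SAML assertion for the four attribute statements and for at least one conduit-* group. It is an added example, not code from Conduit or Okta; the function name check_assertion, the sample assertion, and the group name conduit-admins are constructed for illustration. It inspects attribute content only and does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "given_name", "family_name", "groups")  # names from steps 3 and 4
GROUP_PREFIX = "conduit-"

# Constructed sample: a decoded test-login assertion that is missing family_name.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email"><saml2:AttributeValue>pat@example.com</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="given_name"><saml2:AttributeValue>Pat</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="groups">
      <saml2:AttributeValue>conduit-admins</saml2:AttributeValue>
      <saml2:AttributeValue>Everyone</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def check_assertion(xml_text):
    """Report missing attribute statements and which groups the assertion releases."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml2:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)

    # An attribute that is present but empty counts as missing.
    missing = [name for name in REQUIRED if not attrs.get(name)]
    groups = attrs.get("groups", [])
    conduit = [g for g in groups if g.startswith(GROUP_PREFIX)]
    # With Regex .* every group the user belongs to is sent; list the extras for review.
    other = [g for g in groups if not g.startswith(GROUP_PREFIX)]
    return {
        "missing": missing,
        "conduit_groups": conduit,
        "other_groups": other,
        "ok": not missing and bool(conduit),
    }


if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```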

When to Use Express vs. Standard Setup
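|                       | Standard SAML Setup         | Self-Service Express Setup     |
|-----------------------|-----------------------------|--------------------------------|
| Best for              | IT teams familiar with SAML | Admins preferring guided setup |
| Manual field entry    | Yes                         | Minimal (pre-populated)        |
| Group Config required | Yes                         | Yes                            |
| Outcome               | Identical                   | Identical                      |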

Regardless of which method is used, the group IDs and IdP metadata must still be shared with Conduit to complete provisioning.