
Integrating Twosense with Okta

This document guides you through integrating Twosense into your existing Okta SSO environment. The integration uses a SAML 2.0 IdP provided by Twosense along with the browser extension agent. Other integrations are available if SAML 2.0 won't work for you (e.g., RADIUS); please contact your Twosense SE for more details.

What You'll Need To Do

There are 3 main steps you’ll need to follow to complete the deployment. Total time is usually under 30 minutes.

1. Add the Twosense SAML 2.0 IdP.
2. Exchange SAML 2.0 certificates.
3. Deploy the Twosense browser extension.


1. An Okta Org. If you don't already have one, you can get a free account at
2. An Enterprise account with Twosense. Please contact us to obtain a 30-day trial if you don’t have one already.
3. A SAML 2.0 IdP certificate provided by your TWOSENSE rep.


1. Log in to your Okta instance with an administrator account in the “Classic Management UI” theme.
2. From the Admin Console, hover over Security and then select Identity Providers.
3. Click Add Identity Provider -> Add SAML 2.0 IdP
4. In the Add an Identity Provider dialog box, define the following:

  1. Name: “TWOSENSE.AI”
  2. IdP Usage: SSO only
  3. IdP Username: idpuser.subjectNameId
  4. Change “If no match is found” to “Redirect to Okta sign-in page”
  5. IdP Issuer URI
  6. IdP Single Sign-On URL
  7. IdP Signature Certificate — upload the public.cert file [provided by your SE]

5. Click Add Identity Provider

6. Now reconfigure the IdP you just created. Select the Configure dropdown next to the new TWOSENSE IdP and select Configure Identity Provider

  1. Change IdP Usage to Factor only
  2. Click Update Identity Provider

7. Download SAML metadata

  1. Click the expand button next to TWOSENSE.AI
  2. Click Download metadata
  3. Provide the metadata.xml to your SE

8. Enable the TWOSENSE.AI IdP factor

  1. From the Admin Console, select Security from the main menu and then Multifactor
  2. On the Factor Types tab, select IdP Factor from the left navigation
  3. Click the Inactive drop-down box, and then select Activate
  4. Select TWOSENSE.AI from the IdP dropdown
  5. Click Save

You can now add TWOSENSE.AI (IdP Factor) to your Sign-on policies. If you do not have the agent deployed, users will continue to be MFA’d according to your pre-existing policies. Once the agent is deployed, Twosense will begin to respond to MFA challenges on your users’ behalf. Don’t forget to provide your metadata.xml from above to your Twosense representative.
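
Before sending metadata.xml to your SE, it is worth checking what the file actually declares. The following is an added example, not code from Twosense or Okta: it assumes the download is standard SAML 2.0 metadata, the function name `summarize_metadata` is hypothetical, and the sample document (hosts, entityID and certificate bytes) is constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder hosts and placeholder bytes, not a real certificate.
FAKE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml2/service-provider/placeholder">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/sso/saml2/placeholder"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_metadata(xml_text):
    """Return entityID, ACS endpoints, certificate fingerprints and findings."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in root.iterfind(".//md:AssertionConsumerService", NS)]
    certs = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        for c in kd.iterfind(".//ds:X509Certificate", NS):
            # Metadata wraps the base64 text; strip whitespace before decoding.
            der = base64.b64decode("".join((c.text or "").split()))
            digest = hashlib.sha256(der).hexdigest().upper()
            fp = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
            certs.append((kd.get("use"), fp))
    findings = [f"non-HTTPS endpoint: {loc}" for _, loc in acs
                if not (loc or "").startswith("https://")]
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    return {"entity_id": root.get("entityID"), "acs": acs,
            "certs": certs, "findings": findings}


if __name__ == "__main__":
    for key, value in summarize_metadata(SAMPLE_METADATA).items():
        print(key, value)
```

Reading the SHA-256 fingerprint back to your SE over a separate channel lets both sides confirm that the certificate received is the one you exported.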

Browser Extension Deployment

Depending on which tier you purchased, TWOSENSE can be rolled out by adding a browser extension from the app store of your browser(s) of choice to your company browser policy. You will be provided with an app-store published link for that purpose; please speak to your SE for details.
