How Do I Configure SSO/SAML for KCM GRC with Okta?

This article contains instructions for configuring single sign-on (SSO) for your KCM GRC platform with Okta. When you enable SSO for KCM GRC, your users can log in to your platform without creating a password. 

To complete the instructions below, you must be an account administrator in both KCM GRC and Okta.

Important: After you configure SAML for your KCM GRC account, users must log in by using single sign-on. For new accounts, users will still be required to activate their account. To learn more about this user experience, see our How to Activate and Access Your KCM GRC Account With SSO/SAML article.
Note: Because they are external user roles, Auditor and third-party Vendor Users cannot log in to KCM GRC by using single sign-on. As an alternative option for authentication security, you can make multi-factor authentication mandatory for these accounts. For more information, see our How to Enable and Configure Multi-Factor Authentication article.

Add the KCM GRC Application to Okta

Note: Currently, these instructions only apply to the US instance of KCM GRC. The UK instance (uk.kcmgrc.com) does not have an application in Okta at this time.

Before configuring SSO in your KCM GRC platform, connect KCM GRC to your Okta account by following the instructions below. 

First, add the KCM GRC application to your Okta account.

  1. Log in to Okta. 
  2. Navigate to the Applications tab.
  3. Click the Add Application button.
  4. Type "KCM GRC Platform" in the search bar.
  5. Select KCM GRC Platform.
  6. Click the Add button. 

Next, obtain your KCM GRC subdomain so you can add it to the Subdomain field in Okta.

  1. Open the KCM GRC platform in a new window or tab.
  2. Log in to your KCM GRC account.
  3. In the top-right corner of the screen, navigate to Settings > Account Settings.
  4. Click the SSO Settings tab on the View Account page.
  5. Copy your subdomain from the Sign in URL field.
    • The subdomain is between "https://" and "kb4compliance.com". For example, if your Sign in URL is "https://organization.kb4compliance.com/saml/login", your subdomain is "organization".

Finally, continue configuring SSO in Okta.

  1. Return to the General Settings page in Okta. 
  2. Paste your subdomain into the Subdomain field.
  3. Click Next.
  4. Click the Identity Provider metadata link below the View Setup Instructions button. Clicking this link downloads an Okta metadata XML file to your device. You will need to import this file into your KCM GRC account to finish the configuration.
  5. Click Done.

Configure Okta SSO in KCM GRC

After you add the KCM GRC application to Okta, follow the instructions below to configure SSO with Okta in KCM GRC. 

  1. Log in to your KCM GRC account. 
  2. In the top-right corner of the screen, navigate to Settings > Account Settings.
  3. Click the SSO Settings tab on the View Account page.
  4. Click the SSO Enabled toggle to enable SSO.
  5. Click the Upload SSO Metadata button in the SSO Provider Config area.
  6. Select the Identity Provider metadata XML file that you downloaded in step 15 of the section above (by clicking the Identity Provider metadata link).
  7. Wait for the file to import successfully.
  8. Select Okta from the SSO Provider drop-down menu.
  9. Click Save in the bottom-left corner. 
    Note: As a precaution, Account Administrators will retain the ability to log in to KCM GRC with their password.

Test SSO Integration

After you configure SSO in KCM GRC, we recommend that you test your SSO integration by following the steps below.

  1. Log in to your KCM GRC account. 
  2. In the top-right corner of the screen, navigate to Settings > Account Settings.
  3. Click the SSO Settings tab on the View Account page. 
  4. Click the Test SSO Configuration button.
  5. Click Continue in the SAML Integration Test window. 

After you click Continue, a window will open to indicate whether the SSO configuration was successful. If the configuration was successful and you are logged in to Okta with the same email address that you use for KCM GRC, this window will redirect you to your KCM GRC dashboard.

If the configuration was unsuccessful, this window will redirect you to a "Page not found" error screen. Review the instructions in this article to verify that you configured SSO correctly in Okta and KCM GRC. Then, if you still encounter the error, please contact the KCM GRC support team.
