Setting Up Okta SSO in Zonka Feedback
This guide walks you through enabling Single Sign-On (SSO) in Zonka Feedback using Okta as your Identity Provider. Once configured, your team can log into Zonka Feedback using their Okta credentials, and new users can be automatically provisioned on first login via Just-in-Time (JIT) provisioning.
Before You Begin
You'll need:
An Okta administrator account with permission to add applications and assign users
A Zonka Feedback Account Owner or Admin role (SSO settings are restricted to admin-level users)
An SSO-enabled Zonka Feedback plan. If you're not sure whether SSO is included in your plan, reach out to our team at support@zonkafeedback.com before starting.
Tip: Keep two browser tabs open throughout this setup — one for your Okta admin console and one for your Zonka Feedback account. You'll be moving values between them.
Part 1: Add Zonka Feedback to Okta
Step 1. Open the Okta Applications catalog
Sign in to your Okta admin console (e.g.
https://yourcompany-admin.okta.com).In the left navigation, go to Applications → Applications.
Click Browse App Catalog.
Step 2. Find and add Zonka Feedback
In the search bar, type Zonka Feedback.
Click the Zonka Feedback result.
Click Add Integration.
Step 3. Complete the General Settings
Give the integration an Application label (the name your users will see on their Okta dashboard). We recommend keeping it as "Zonka Feedback."
Fill in any other fields requested by the setup wizard (such as your Zonka subdomain or region).
Click Next, then Done.
Step 4. Assign users to the application
On the application page, open the Assignments tab.
Click Assign → Assign to People (or Assign to Groups if you manage access via groups).
Select the users or groups who should have SSO access to Zonka, then click Assign and Save and Go Back.
Click Done.
Note: Only users assigned to the app in Okta will be able to log into Zonka via SSO. Anyone not assigned will see a "User is not assigned to this application" error when attempting to sign in.
Part 2: Get the Okta SSO Details
You'll now collect three values from Okta that Zonka needs.
Step 5. Open the SAML setup instructions
Still on the Zonka Feedback application page in Okta, open the Sign On tab.
Scroll to the SAML Signing Certificates section.
Click View SAML setup instructions (usually a button on the right).
A new tab opens with all the values you need. Keep this tab open.
Step 6. Copy these three values
From the setup instructions page, copy the following — you'll paste them into Zonka in the next part:
Okta Label | What to Copy |
Identity Provider Single Sign-On URL | The full URL (e.g. |
Identity Provider Issuer | The URL starting with |
X.509 Certificate | The entire certificate block, including |
Tip: Paste these into a scratch note or text editor first so you don't lose them when switching tabs.
Part 3: Configure SSO in Zonka Feedback
Step 7. Open Zonka's SSO settings
Log in to your Zonka Feedback account.
Go to Settings → Account → SSO in the left navigation.
Step 8. Enable SSO and choose your provider
Toggle Enable Single Sign On to the on position.
Under SSO Provider, select Okta.
Step 9. Paste in your Okta details
Under SSO Provider Information, fill in the three fields using the values you copied in Step 6:
SAML SSO URL — paste the Identity Provider Single Sign-On URL from Okta.
Identity Provider Issuer — paste the Identity Provider Issuer from Okta.
Public Certificate — paste the entire X.509 Certificate block, including the BEGIN and END lines.
Step 10. Choose your Login Policy
Pick one of the two options:
All users must use SSO authentication — Every user must log in through Okta. Email/password login is disabled. Use this for stricter security.
All users can login using SSO or account details — Users can choose between SSO and their existing email/password. Recommended while you're rolling out SSO, so locked-out users still have a fallback.
Recommendation: Start with the second option during rollout. Switch to "All users must use SSO" once you've confirmed everyone on your team can log in via Okta successfully.
Step 11. Configure Just-in-Time (JIT) Provisioning
Under Just In Time User Provisioning:
Toggle Create a new user if not created already to the on position if you want new team members to be auto-created in Zonka the first time they sign in via Okta. This saves you from manually creating each user in Zonka.
Under Select the default role to be assigned to the user, pick the role that new users should receive on creation (e.g. Analyst, Agent, Manager). You can change individual user roles later in Zonka.
About roles: For most organizations, Analyst is a safe default. You can always upgrade a user's role after they're created. For details on what each role can do, see our
Step 12. Save
Click Save at the bottom of the page.
Part 4: Test the Setup
Before rolling out SSO to your entire team, verify the connection with a single test user.
Open an incognito / private browser window.
Go to your Okta dashboard (e.g.
https://yourcompany.okta.com).Sign in as a user who has been assigned to the Zonka Feedback app.
On the dashboard, click the Zonka Feedback tile.
You should be signed straight into Zonka Feedback with no password prompt.
If JIT is enabled and the user didn't previously exist in Zonka, a new account will be created automatically using the email and name from Okta, assigned to the default role you selected in Step 11.
Troubleshooting
"User is not assigned to this application."
The user trying to sign in hasn't been assigned to the Zonka Feedback app in Okta. Go to Okta → Applications → Zonka Feedback → Assignments and add them. Make sure the currently logged-in Okta user matches the assigned user.
"Cannot POST /api/v1/sso/saml" or a SAML error from Zonka Feedback
This usually means one of the three values copied from Okta is incorrect. Double-check:
The SAML SSO URL is the full URL from Okta, with no trailing spaces
The Identity Provider Issuer starts with
http://www.okta.com/The Public Certificate includes the full
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----lines, with no missing characters
If all three look correct and the error persists, contact support@zonkafeedback.com with a screenshot of the error and your ZonkaFeedback account URL.
The user logs in but their role is wrong
Roles are assigned based on the default role selected in Step 11 at the time of first login. To change an existing user's role, go to Settings → Users in Zonka Feedback, click the user, and update their role directly.
The user logs in but isn't auto-created
Check that Just In Time User Provisioning is toggled on in Zonka's SSO settings. Without it, users must be manually created in Zonka Feedback before they can log in via SSO.
I got locked out of my Zonka Feedback account
If you selected "All users must use SSO authentication" and SSO isn't working for you, contact support@zonkafeedback.com. Our team can temporarily restore email/password login so you can fix the configuration.
Frequently Asked Questions
Can I use this setup for Azure AD or other identity providers? Yes. Zonka Feedback supports Okta, Azure AD, and any Custom SAML 2.0 provider. Select the appropriate option under SSO Provider in Step 8 — the field names differ slightly across providers, but the setup flow is the same.
What happens to existing users when I turn on SSO? Existing users can continue logging in with their email and password (under the "SSO or account details" policy) or must switch to SSO (under the "must use SSO" policy). Their data, surveys, and permissions are unchanged.
Can I disable SSO later? Yes. Toggle Enable Single Sign On off in Zonka's SSO settings. Users will revert to email/password login immediately.