Skip to Content

User Guide

Business Portal Login

Enable SSO for Okta

National Crime Check supports single sign-on (SSO) using Okta.


Single Sign-On connections support these features:

  • SP-initiated SSO -- login from the NCC website
  • IdP-initiated SSO -- login to NCC from your identity provider portal
  • Just-In-Time provisioning
  • Multiple roles and permission sets


The following SAML attributes are supported:

first_name user.firstName
last_name user.lastName
role Used for role-based permissions

To make use of role-based permissions you can supply the role attribute using a user field or by using group attributes.

Connecting to Okta

  1. Navigate to the Staff section and then the SSO tab
  2. Click the Okta icon
  3. Click the Add Application button
    Your Okta account will be opened in a new tab. Keep the NCC tab open in the background as you will need it later.
    You might be asked to login to your Okta account.
  4. Confirm the application details and then click the Done button
  5. Navigate to the Sign On tab and click the Edit link
  6. Scroll down to the Advanced Sign-on Settings area and enter the Connection ID
    You can find this in the integration dashboard
  7. Click the Save button
  8. Now find the Metadata URL on this same page and copy this value
  9. Paste the metadata url into the integration dashboard
  10. Choose the permissions which are available for single sign-on users
  11. Click the Enable Single-Sign-On button
  12. SSO is now enabled
    Some basic details are shown at the top of the page. You can see the Connection ID and Identity Provider (Okta).
  13. You will need to assing some people or groups to your app before it can be used
    This is done within the Okta admin portal in the same way that assignments are done for any other application.

Setting up roles (optional)

  1. In the Okta control panel, open the National Crime Check app
  2. Navigate to the Sign On tab and click the Edit link
  3. Expand the Attributes interface
  4. Under group attribute statements enter "role" as the name, matches regex, and .* for the filter
    This will cause Okta to send ALL group names to NCC in the "role" attribute. You can also use other filters to only send a subset of your group names.
  5. Set up your roles in the integration dashboard using role names which match your group names

Logging in

You can provide the Login URL to your staff to access the integration dashboard using single sign-on

Staff can also login from within the Okta applications portal