1. Help Center
  2. Using the Web Dashboard
  3. Reference
Follow email Print print

FORM SSO Configuration Guide

Form SSO Configuration Guide: Steps for Setup and Partial Universal Logout Verification

Partial Universal Logout: Only refresh tokens are revoked when a logout event is the user
triggered. User sessions remain active until existing access tokens expire or explicitly signs out of Form. Access tokens have a one hour lifespan.


Prerequisites

Before you begin, ensure you have the following:

  • A Form account with Company Admin privileges. If you don't have a Company Admin account, contact Form Support
  • Okta tenant admin access to add and configure app integrations.

Configuration Steps

Step 1: Add the Form app instance to your Okta Organization

  • Sign in to your Okta Admin Console.
  • Go to Applications > Applications.
  • Click Browse App Catalog.
  • Search for Form and select it from the results.
  • Click Add Integration.
  • Accept the default general settings and click Done.

Step 2: Configure SSO and Universal Logout

  • In the Form app integration, click the Authentication tab
  • In the Express Configuration for Form section, click Express Configure SSO & UL.
  • A Form sign in window opens. Sign in using your Form Company Admin credentials.
  • On the Authorize App consent page, review the requested permissions and click
  • Accept to grant Okta access to Form.
  • You are automatically redirected back to your Okta org. A success message confirms that SSO and Universal Logout have been configured.

Step 3: Assign users

  • In the Form app integration, click the Assignments tab.
  • Click Assign, then select Assign to People or Assign to Groups.
  • Select the users or groups that should have access to Form and click Done.

Step 4: Verify SSO
*Since Form supports SP-initiated SSO, verification must be performed from the Form login page.

  • Navigate to https://admin.gospotcheck.com
  • Enter the email address associated with your Okta organization's domain.
  • Form detects the domain and automatically redirects you to the Okta sign in page.
  • Enter your Okta credentials.
  • Confirm that you are successfully redirected back to Form and signed in.

Step 5: Verify Partial Universal Logout

Note: Form supports Partial Universal Logout only. 

When Okta triggers a logout event — for example, when an admin terminates a session or a risk signal is detected — only the user's refresh tokens are revoked. 

The user's active session in Form continues until:

  • Their current access token expires naturally, or
  • They explicitly sign out of Form

To verify the partial logout behavior:

  • In the Okta Admin Console, go to Directory > People and select a test user.
  • Click More Actions > Revoke Sessions to trigger a Universal Logout event.
  • Confirm the action in the confirmation dialog.
  • Okta immediately revokes the test user's refresh tokens. The user will not be able to silently re-authenticate once their current access token expires.
  • Note that the test user's active Form session persists until the access token reaches its expiry. This is expected b ehavior for Partial Universal Logout.

Support

For assistance with this configuration, contact Form Support.

star

Related articles

Have more questions? Submit a request