Okta SSO Setup

Step-by-step guide on setting up the RudderStack SSO (Single Sign-On) feature with Okta.

This guide lists the steps to configure and enable Okta SSO for your organization.

RudderStack does not support IdP-initiated authentication. To use Okta SSO for your organization, you will have to log in through https://app.rudderstack.com/sso.

Configuring the RudderStack SSO App

Log into your Okta application as an administrator. Then, go to the Applications page in the dashboard.
Click on the Create App Integration button to integrate Okta with RudderStack, as shown:

Select SAML 2.0 sign-in method, as shown:

Under General Settings, set the App name to RudderStack, as shown. Then, click on Next.

SAML settings

Enter the following settings in the Configure SAML section:

Single sign on URL: Set this to https://auth2.rudderstack.com/saml2/idpresponse.

Make sure you also enable the Use this for Recipient URL and Destination URL option under this setting.

Audience URI (SP Entity ID): Set this to urn:amazon:cognito:sp:us-east-1_ABZiTjXia.
Default RelayState: Leave this field blank.
Name ID format: Select Unspecified from the dropdown.
Application username: Select Okta username from the dropdown.
Update application username on: Select Create and update from the dropdown.

Attribute Statements settings

In the Attribute Statements section, you need to enter the following settings:

Name Name format (optional) Default value Comments

Name	Name format (optional)	Default value	Comments
Email	Unspecified	`user.email`	Set the value corresponding to your organization's user email.
LastName	Unspecified	`user.lastName`	Although `user.lastName` is recommended, you can provide any other value here.

Unspecified

user.email

Set the value corresponding to your organization's user email.

LastName

Unspecified

user.lastName

Although user.lastName is recommended, you can provide any other value here.

As long as the attributes you set match the Email and LastName fields, your SSO should work without any issues.

In the next page, select the I'm an Okta customer adding an internal app option and click on Finish.

The RudderStack Single Sign-On app is now created and you will be directed to the app's page.

Enabling SSO

The RudderStack SSO app supports dynamic configuration.

In the Sign On section of the app, copy the Identity Provider metadata URL present under the View Setup Instructions button, as shown:

Share this URL with the RudderStack team to enable SSO for your organization.

Contact us

For queries on any of the sections covered in this guide, you can contact us or start a conversation in our Slack community.

PreviousMonitoring and Metrics NextOneLogin SSO Setup

Last updated 2 years ago