This guide lists the steps to configure and enable Okta SSO for your organization.

RudderStack does not support IdP-initiated authentication. To use Okta SSO for your organization, you will have to log in through https://app.rudderstack.com/sso.
Github Badge

Configuring the RudderStack SSO App

  1. Log into your Okta application as an administrator. Then, go to the Applications page in the dashboard.
  2. Click on the Create App Integration button to integrate Okta with RudderStack, as shown:
Create App Integration
  1. Select SAML 2.0 sign-in method, as shown:
SAML 2.0
  1. Under General Settings, set the App name to RudderStack, as shown. Then, click on Next.
Rudderstack as app name

SAML settings

Enter the following settings in the Configure SAML section:

Enter the settings
  • Single sign on URL: Set this to https://auth2.rudderstack.com/saml2/idpresponse.
Make sure you also enable the Use this for Recipient URL and Destination URL option under this setting.
  • Audience URI (SP Entity ID): Set this to urn:amazon:cognito:sp:us-east-1_ABZiTjXia.
  • Default RelayState: Leave this field blank.
  • Name ID format: Select Unspecified from the dropdown.
  • Application username: Select Okta username from the dropdown.
  • Update application username on: Select Create and update from the dropdown.

Attribute Statements settings

In the Attribute Statements section, you need to enter the following settings:

okta sso 5
NameName format (optional)Default valueComments
EmailUnspecifieduser.emailSet the value corresponding to your organization's user email.
LastNameUnspecifieduser.lastNameAlthough user.lastName is recommended, you can provide any other value here.
As long as the attributes you set match the Email and LastName fields, your SSO should work without any issues.

In the next page, select the I'm an Okta customer adding an internal app option and click on Finish.

The RudderStack Single Sign-On app is now created and you will be directed to the app's page.

Enabling SSO

The RudderStack SSO app supports dynamic configuration.

In the Sign On section of the RudderStack SSO app, right click and copy the URL associated with Identity Provider metadata under the View Setup Instructions button, as shown in the below image.

Share this URL with the RudderStack team to enable SSO for your organization.

Identity provider metadata
The Identity Provider metadata URL ends with /metadata.

Contact us

For queries on any of the sections covered in this guide, you can contact us or start a conversation in our Slack community.

Contents