Okta Self Serve SSO Steps - SAML
The following steps have to be executed in the SingleStore Helios Portal and the Okta Admin portal sequentially.
In the SingleStore Helios Portal
- Open the ORG:your-org menu in the top right corner and go to Organization Details.
- Select the Authentication tab.
- Use the Add Identity Provider list on the right to add a SAML 2.0 identity provider connection.
- Add a Connection Name, for example, Okta SAML.
- Copy SingleStore’s Service Provider Configuration and store it in a file with a .xml extension.
In the Okta Admin Portal
- In the Okta Admin console go to Admin mode and select Applications from the left panel.
- Select Applications/Applications.
- In the Browse App Catalog, select Create New App or Create App Integration.
- Choose SAML 2.0.
- Fill in the details:
  - App integration name as SingleStore or SingleStore SAML.
  - Select Logo and upload a SingleStore logo.
- Select Do not display application icon to users as IdP-initiated login is not yet supported for SAML.
- Click the Next button to switch to the Configuration SAML tab.
- From the SingleStore Helios Portal copy:
  - SingleStore's Login and Logout URL and paste to Single sign-on URL in Okta;
  - SingleStore's Entity ID and paste to Audience URI (SP Entity ID) in Okta;
  - Select the checkbox Use this for Recipient URL and Destination URL under the Single sign-on URL field;
- Set Name ID format to Persistent.
- Under Attribute Statements (optional) add the following attributes:

  | Name | Name Format | Value |
  |---|---|---|
  | email | Basic | user.email |
  | lastName | Basic | user.lastName |
  | firstName | Basic | user.FirstName |

- Select Next.
- Select Finish on the next screen, ignore the optional questions and checkboxes.
- On the next screen, in the Sign On tab, scroll to the SAML Signing Certificates section and click on Actions next to the Active status, select View IdP metadata from the dropdown menu.
- Copy the metadata URL and save an XML file on your local computer.
In the SingleStore Helios Portal
- Scroll to the second section (Identity provider XML) and download the XML file from the step above.
- Set up the Domain in the third step. Click on Add Domain > Enter valid domain and set up Domain Attributes if it is required. Click on the Actions button and verify your domain.
- Under Map User Attributes, fill in the details as per the table in the Okta Admin portal section (email is “email”, lastName is “lastName”, firstName is “firstName”).
- Select Save.
- Select Update Connection.
- Copy SingleStore’s Certificate and save it as a .pem file.
In the Okta Admin Portal
- Go to General, and select Edit on SAML Settings.
- Select Next to bypass General Settings.
- Select Show Advanced Settings.
- Select the .pem file with the SingleStore’s certificate that was copied in the SingleStore Helios Portal section and download it to Signature Certificate.
- In Signed Requests, turn on Validate SAML requests with signature certificates.
- Select Next.
- Select Finish.
If you provided the correct Domain and Certificates, the status of your connection will be changed to Verified/Active (green checkbox).
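To confirm that the Okta settings above took effect, the assertion from a test login can be decoded and compared with what this guide configures: Persistent Name ID, the Audience URI, the Recipient URL and the three attribute statements. The following is an added example, not SingleStore or Okta code; the entity ID, URL and sample assertion are constructed placeholders, and the script inspects field values only, it does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

# Inspect only a test capture you produced yourself; this does not validate signatures.
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
REQUIRED_ATTRS = ("email", "lastName", "firstName")  # names mapped in the Helios Portal
SP_ENTITY_ID = "urn:example:sp-entity-id"           # placeholder for SingleStore's Entity ID
SSO_URL = "https://sp.example.test/saml/acs"        # placeholder for the Single sign-on URL

def check_assertion(xml_text, sp_entity_id, sso_url):
    """Return a list of mismatches between an assertion and the guide's settings."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID Format is not Persistent")
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        problems.append("Audience does not match the SP Entity ID")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != sso_url:
        problems.append("Recipient does not match the Single sign-on URL")
    attrs = {a.get("Name"): a for a in root.findall(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:  # attribute names are case-sensitive
        attr = attrs.get(name)
        value = attr.find("saml:AttributeValue", NS) if attr is not None else None
        if value is None or not (value.text or "").strip():
            problems.append(f"attribute {name} is missing or empty")
        elif attr.get("NameFormat") != BASIC:
            problems.append(f"attribute {name} does not use the Basic name format")
    return problems

def sample_assertion(first_name_attr="firstName"):
    # Constructed sample assertion, not captured from a real tenant.
    rows = (("email", "a.user@example.com"), ("lastName", "User"), (first_name_attr, "A"))
    attrs = "".join(
        f'<saml:Attribute Name="{n}" NameFormat="{BASIC}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>" for n, v in rows)
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:Subject>'
        f'<saml:NameID Format="{PERSISTENT}">00u-constructed</saml:NameID>'
        f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{SSO_URL}"/>'
        "</saml:SubjectConfirmation></saml:Subject><saml:Conditions>"
        f"<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")
```

An empty list from `check_assertion` means the assertion carries every value the SingleStore connection maps; any entry names the Okta field to revisit.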
Last modified: November 26, 2024