# Okta Self Serve SSO Steps - SAML

The following steps have to be executed in the SingleStore Helios Portal and the Okta Admin portal sequentially.

## In the SingleStore Helios Portal

1. Open the **ORG:your-org** menu in the top right corner and go to **Organization Details**.

2. Select the **Authentication** tab.

3. Use the **Add Identity Provider** list on the right to add a `SAML 2.0` identity provider connection.

4. Add a **Connection Name**, for example, *Okta SAML*.

5. Copy**SingleStore’s Service Provider Configuration** and store it in a file with a `.xml` extension

## In the Okta Admin Portal

1. In the Okta Admin console go to Admin mode and select **Applications** from the left panel.

2. Select **Applications/Applications**.

3. In the **Browse App Catalog**, select **Create New App** or **Create App Integration**.

4. Choose `SAML 2.0`.

5. Fill in the details:

   * **App integration name** as *SingleStore* or  *SingleStore SAML*.
   * Select **Logo** and upload a SingleStore logo.

6. Click the **Next** button to switch to the **Configuration SAML** tab.

7. From the SingleStore Helios Portal copy:

   * SingleStore's **Login** and **Logout URL** and paste to **Single sign-on URL&#x20;**&#x69;n Okta;
   * SingleStore's **Entity ID** and paste to **Audience URI (SP Entity ID)&#x20;**&#x69;n Okta;
   * Select the checkbox **Use this for Recipient URL and Destination URL** under the **Single sign-on URL** field;

8. Set **Name ID format** to `Persistent`

9. Under **Attribute Statements (optional)** add the following attributes:
   | Name      | Name Format | Value          |
   | --------- | ----------- | -------------- |
   | email     | Basic       | user.email     |
   | lastName  | Basic       | user.lastName  |
   | firstName | Basic       | user.firstName |

10. Select **Next**.

11. Select **Finish** on the next screen, ignore the optional questions and checkboxes.

12. On the next screen, in the **Sign On** tab, scroll to the **SAML Signing Certificates** section and click on **Actions** next to the `Active` status, select `View IdP metadata` from the dropdown menu.

13. Copy the metadata URL and save an XML file on your local computer.

## In the SingleStore Helios Portal

1. Scroll to the second section (**Identity provider XML**) and download the XML file from the step above.

2. Set up the Domain in the third step. Click on **Add Domain** > **Enter valid domain** and set up **Domain Attributes** if it is required.  Click on the **Actions** button and verify your domain.

3. Under **Map User Attributes**, fill in the details as per the table in the Okta Admin portal section (email is “email”, lastName is “lastName”, firstName is “firstName”).

4. Select **Save**.

5. Select **Update Connection**.

6. Copy SingleStore’s Certificate and save it as a .pem file.

## In the Okta Admin Portal

1. Go to **General**, and select **Edit** on **SAML Settings**.

2. Select **Next** to bypass **General Settings**.

3. Select **Show Advanced Settings**.

4. Select the .pem file with the SingleStore’s certificate that was copied in the SingleStore Helios Portal section and download it to **Signature Certificate**.

5. In **Signed Requests**, turn on `Validate SAML requests with signature certificates`.

6. Select **Next**.

7. Select **Finish**.

If you provided the correct Domain and Certificates, the status of your connection will be changed to Verified/Active (green checkbox).

***

Modified at: August 12, 2025

Source: [/cloud/security/portal-access/saml/okta-self-serve-sso-steps-saml/](https://docs.singlestore.com/cloud/security/portal-access/saml/okta-self-serve-sso-steps-saml/)

(An index of the documentation is available at /llms.txt)