Okta Self Serve SSO Steps - SAML

The following steps have to be executed in the SingleStore Helios Portal and the Okta Admin portal sequentially.

In the SingleStore Helios Portal

  1. Open the ORG:your-org menu and go to Organization Details.

  2. Select the Authentication tab.

  3. Use the Add Identity Provider list on the right to add a SAML 2.0 identity provider connection.

  4. Add a Connection Name, for example, Okta SAML.

  5. Copy SingleStore’s Service Provider Configuration and store it in a file with a .xml extension

In the Okta Admin Portal

  1. In the Okta Admin console, select Applications from the left panel.

  2. Select Applications/Applications.

  3. In the BrowsApp Integration Catalog, select Create New App or Create App Integration.

  4. Choose SAML 2.0.

  5. Fill in the details:

    • App integration name as SingleStore or  SingleStore SAML.

    • Select Logo and upload a SingleStore logo.

  6. Select Do not display application icon to users as IdP-initiated login is not yet supported for SAML.

In the SingleStore Helios Portal

  1. Open your org.

  2. Select Organization Details.

  3. Select Authentication.

  4. Select Add Identity Provider and select SAML 2.0.

In the Okta Admin Portal

  1. From the SingleStore Helios Portal copy:

    • Login URL to Single sign-on URL.

    • Entity ID to Audience URI (SP Entity ID)

  2. Set Name ID format to Persistent

  3. Under Attribute Statements (optional) add the following attributes:

    Name

    Name Format

    Value

    email

    Basic

    user.email

    lastName

    Basic

    user.lastName

    firstName

    Basic

    user.FirstName

  4. Select Next.

  5. Select Finish on the next screen, ignore the “Are you a customer or partner?” question.

  6. On the next screen, in the Sign On tab, grab the Metadata URL and download the metadata to a local file.

In the SingleStore Helios Portal

  1. Upload the downloaded metadata into Identity provider XML.

  2. Under Map User Attributes, fill in the details as per the table in Step (4) above in the Okta Admin portal section (email is “email”, lastName is “lastName”, firstName is “firstName”).

  3. Select Save.

  4. Select Update Connection.

  5. Download SingleStore’s Certificate.

In the Okta Admin Portal

  1. Go to General, and select Edit on SAML Settings.

  2. Select Next to bypass General Settings.

  3. Select Show Advanced Settings.

  4. Upload the certificate from Step (9) above in the SingleStore Helios Portal section to Signature Certificate.

  5. At Signed Requests, turn on Validate SAML requests with signature certificates.

  6. Select Next.

  7. Select Finish.

Last modified: July 16, 2024

Was this article helpful?