Okta Self Serve SSO Steps - SAML

The following steps have to be executed in the SingleStore Helios Portal and the Okta Admin portal sequentially.

In the SingleStore Helios Portal

  1. Open the ORG:your-org menu in the top right corner and go to Organization Details.

  2. Select the Authentication tab.

  3. Use the Add Identity Provider list on the right to add a SAML 2.0 identity provider connection.

  4. Add a Connection Name, for example, Okta SAML.

  5. Copy SingleStore’s Service Provider Configuration and store it in a file with a .xml extension.

In the Okta Admin Portal

  1. In the Okta Admin console, go to Admin mode and select Applications from the left panel.

  2. Select Applications/Applications.

  3. In the Browse App Catalog, select Create New App or Create App Integration.

  4. Choose SAML 2.0.

  5. Fill in the details:

    • App integration name as SingleStore or SingleStore SAML.

    • Select Logo and upload a SingleStore logo.

  6. Select Do not display application icon to users as IdP-initiated login is not yet supported for SAML.

  7. Click the Next button to switch to the Configuration SAML tab.

  8. From the SingleStore Helios Portal copy:

    • SingleStore's Login and Logout URL and paste to Single sign-on URL in Okta;

    • SingleStore's Entity ID and paste to Audience URI (SP Entity ID) in Okta;

    • Select the checkbox Use this for Recipient URL and Destination URL under the Single sign-on URL field.

  9. Set Name ID format to Persistent.

  10. Under Attribute Statements (optional) add the following attributes:

    Name         Name Format    Value
    email        Basic          user.email
    lastName     Basic          user.lastName
    firstName    Basic          user.FirstName

  11. Select Next.

  12. On the next screen, select Finish and ignore the optional questions and checkboxes.

  13. On the next screen, in the Sign On tab, scroll to the SAML Signing Certificates section, click Actions next to the Active status, and select View IdP metadata from the dropdown menu.

  14. Copy the metadata URL and save the metadata as an XML file on your local computer.

In the SingleStore Helios Portal

  1. Scroll to the second section (Identity provider XML) and download the XML file from the step above.

  2. Set up the Domain in the third step. Click Add Domain, enter a valid domain, and set up Domain Attributes if required. Click the Actions button and verify your domain.

  3. Under Map User Attributes, fill in the details as per the table in the Okta Admin portal section (email is “email”, lastName is “lastName”, firstName is “firstName”).

  4. Select Save.

  5. Select Update Connection.

  6. Copy SingleStore’s Certificate and save it as a .pem file.

In the Okta Admin Portal

  1. Go to General, and select Edit on SAML Settings.

  2. Select Next to bypass General Settings.

  3. Select Show Advanced Settings.

  4. Select the .pem file with SingleStore’s certificate that was copied in the SingleStore Helios Portal section and download it to Signature Certificate.

  5. In Signed Requests, turn on Validate SAML requests with signature certificates.

  6. Select Next.

  7. Select Finish.

If you provided the correct Domain and Certificates, the status of your connection will be changed to Verified/Active (green checkbox).
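
One way to cross-check the values pasted into Okta against the saved Service Provider Configuration file, shown as an added example that is not SingleStore or Okta code. It assumes the saved file is standard SAML 2.0 service provider metadata; the function name and the sample entity ID, URL and certificate bytes are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def okta_fields_from_sp_metadata(xml_text):
    """Map SP metadata to the Okta SAML form fields named in the steps above."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not SAML 2.0 service provider metadata")
    acs = [e.get("Location") for e in sp.findall(MD + "AssertionConsumerService")
           if e.get("Binding") == HTTP_POST]
    if not acs or not acs[0].startswith("https://"):
        raise ValueError("no HTTPS AssertionConsumerService with HTTP-POST binding")
    # Signing keys: KeyDescriptor with use="signing", or no "use" (valid for both).
    pems = []
    for kd in sp.findall(MD + "KeyDescriptor"):
        if kd.get("use") in (None, "signing"):
            for cert in kd.iter(DS + "X509Certificate"):
                b64 = "".join((cert.text or "").split())
                base64.b64decode(b64, validate=True)  # raises on a corrupted copy/paste
                body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
                pems.append(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n")
    return {
        "single_sign_on_url": acs[0],              # Okta: Single sign-on URL
        "audience_uri": root.get("entityID"),      # Okta: Audience URI (SP Entity ID)
        "signature_certificate_pem": pems,         # Okta: Signature Certificate (.pem)
        "sp_signs_requests": sp.get("AuthnRequestsSigned") in ("true", "1"),
    }

# Constructed sample: entity ID, URL and certificate bytes are placeholders.
_FAKE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate" * 2).decode()
SAMPLE_SP_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example:sp">
  <SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{_FAKE_CERT}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <AssertionConsumerService index="0" Binding="{HTTP_POST}"
        Location="https://sp.example.com/login/callback"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for field, value in okta_fields_from_sp_metadata(SAMPLE_SP_METADATA).items():
        print(field, "=", value)
```

If `sp_signs_requests` is false or no signing certificate is returned, turning on Validate SAML requests with signature certificates in Okta would reject the service provider's login requests.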

Last modified: August 19, 2024
