How to Configure SAML 2.0 for RudderStack

Contents

• Supported Features
• Configuration Steps
• Notes

Supported Features

The Okta/RudderStack SAML integration currently supports the following features:

• SP-initiated SSO
• JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

---

Configuration Steps

1. Contact the RudderStack Support team at hello@rudderstack.com and request that they enable SAML 2.0 for your account.

2. Include the following information with your request:

   • Identity Provider Single Sign-On URL: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Identity Provider Issuer: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   • X.509 Certificate: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

3. The RudderStack Support team will process your request and provide you with the Login URL value.

4. Assign your user to the app.

5. Since the application only supports an SP-initiated flow, you can simulate an IDP-initiated flow with the Bookmark sign-on method. In Okta add another RudderStack app and follow the steps below:

   • SIGN ON METHODS: Select Bookmark-only.

   • Enter your Login URL (step 3) into the corresponding field.

   • Click Save.

6. Assign your user to the app with the bookmark mode.

7. In Okta, select the General tab of your first RudderStack app, then click Edit.

   • Check Do not display application icon to users.

   • click Save.

8. Done!

---

Notes

• The following SAML attributes are supported:

  Name	Value
  FirstName	user.firstName
  LastName	user.lastName
  Email	user.email




• Since only SP-initiated flow is supported, we recommend hiding the application icon for users.

SP-initiated SSO

1. Go to: https://app.rudderstack.com/sso

2. Enter your email address, then click SIGN IN.