How to Configure SAML 2.0 for Segment


Supported Features

The Okta/Segment SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Log in to Segment as an administrator.

  2. Go to Settings > Authentication > Connections, then click Add new Connection:

    Settings > Authentication > Connections, click Add New Connnection

  3. Select SAML 2.0, then click Select Connection:

    Select SAML 2.0 and click Select Connection

  4. Enter the following:

    • Configure IDP

      • Single Sign-On URL: Make a copy of your Customer ID marked in red.

        For example, if your Single Sign-On URL is https://acme.domen.com/login/callback?connection=a1b2c3d4, your Customer ID is a1b2c3d4.

      • Click Next:

      Configure IDP

    • Configure Connection

      • SAML 2.0 Endpoint: Copy and paste the following:

        Sign into the Okta Admin Dashboard to generate this variable.

      • Public Certificate: Copy and paste the following:

        Sign into the Okta Admin Dashboard to generate this variable.
      • Click Configure Connection:

      Configure Connection

    • Domains (optional)

      Note: This is required if you want to enable SP-initiated flow, otherwise click Skip.

      • Domains: Enter your domain.

      • Click Add Domain:

      • Domains (optional)

      • Click Verify.

        Note: When you click verify, you’re given two options to verify your domain, either using a meta tag to add to your /index.html at the root, or a DNS txt record that you can add through your DNS provider (domain tokens expire 14 days after they are verified).

      • Domains (optional)

    • Enable Connection

      • Go back to the connections page:

      • connections page

      • Select the switch button to enable your SAML configuration:

      • enable your SAML configuration

  5. In Okta, select the Sign On tab for the Segment SAML app, then click Edit.

    • Enter your Customer ID (step 4) into the corresponding field.

    • Application username format: Select Email.

    • Click Save:

    In okta, enter Customer ID, application username format = email

  6. Done!


The following SAML attributes are supported:

SP-initiated SSO

  1. Go to: https://app.segment.com

  2. Enter your email, select Single Sign-On, then click Log In:

    Go to https://app.segment.com, enter your email, select Single Sign-On and click Log In