How to Configure SAML 2.0 for Sigma on AWS


Supported Features

The Okta/Sigma on AWS SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Sign in to Sigma as an Organization Admin.

  2. Click your icon, then select Administration:

    click icon, then Administration

  3. In the Site section make a copy of your Company Login URL (this value is needed for SP-initiated SSO and IdP-initiated SSO), then go to Authentication:

    Make a copy of your Company Login URL, then go to Authentication:

  4. Go to Authentication, click Edit, then enter the following:

    • Authentication Method: Select either SAML (Users may login using either your Identity Provider (IDP or with an email and password), or SAML or password (Users must login using your Identity Provider (IDP).

    • Identity Provider Login URL: Copy and paste the following:

      Sign in to the Okta Admin app to generate this variable.

    • Identity Provider X509Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Click Save:

    Enter SAML Config values

  5. In Okta, select the Sign On tab for the Sigma on AWS app, then click Edit:

    • Default Relay State: Enter the following value: https://app.sigmacomputing.com/[yourCompanyId]/finish-login

      For example, if your Company Login URL (step 3) is https://app.sigmacomputing.com/acme

      Your Default Relay State is https://app.sigmacomputing.com/acme/finish-login

    • SAML Attributes (optional):

      • By default Okta supports only firstName and lastName SAML attributes that are mandatory for JIT. You can configure additional attributes and their values (mappings) under the Attributes (Optional) section of SAML.

      • The following optional attributes are supported by Sigma: refreshTokenTimeoutSecs, userRole.

        Note: The value for refreshTokenTimeoutSecs can be any positive integer. The value for userRole should be one of admin, author, or viewer.

      • Here is an example of the configuration for the additional attributes:

        Note: You can add the groups attribute in the Group Attribute Statements (optional) section and specify a required filter in order to send Okta groups to the Sigma instance.

        add SAML Attributes

      • Click Save:

        SAML attributes

  6. Done!


The following SAML attributes are supported:

Optional attributes:

SP-initiated SSO

  1. Go to your Company Login URL you made a copy of in step 3.

  2. Click Log in with SSO:

  3. Go to your Company Login URL you made a copy of in step 3, click Log in with SSO