Set Up SSO with Okta
Supabase supports single sign-on (SSO) using Okta.
Step 1: Choose Create App Integration in the Applications dashboard #
Navigate to the Applications dashboard of the Okta admin console. Choose the Create App Integration button from the toolbar.
Step 2: Choose SAML 2.0 in the app integration dialog #
Supabase supports the SAML 2.0 SSO protocol. Choose it from the Create a new app integration dialog.
Step 3: Fill out General Settings #
The information you enter here is for visibility into your Okta applications
menu. You can choose any values you like. Supabase
as a name works well for
most use cases.
Step 4: Fill out SAML Settings #
These settings let Supabase use SAML 2.0 properly with your Okta application. Make sure you enter this information exactly as shown on in this table and screenshot.
Setting | Value |
---|---|
Single sign-on URL | https://supabase.com/dashboard/auth/v1/sso/saml/acs |
Use this for Recipient URL and Destination URL | ✔️ |
Audience URI (SP Entity ID) | https://supabase.com/dashboard/auth/v1/sso/saml/metadata |
Default RelayState | https://supabase.com/dashboard |
Name ID format | EmailAddress |
Application username | |
Update application username on | Create and update |
Step 5: Fill out Attribute Statements #
Attribute Statements allow Supabase to get information about your Okta users on each login.
A email
to user.email
statement is required to exist. Other mappings
shown below are optional and configurable depending on your Okta
setup. If in doubt, replicate the same config as shown.
Please share any changes, if any, from this screen with your Supabase support contact.
Step 6: Obtain IdP metadata URL #
Supabase needs to finalize enabling single sign-on with your Okta application.
To do this scroll down to the SAML Signing Certificates section on the Sign On tab of the Supabase application. Pick the the SHA-2 row with an Active status. Click on the Actions dropdown button and then on the View IdP Metadata.
This will open up the SAML 2.0 Metadata XML file in a new tab in your browser. Copy this URL and send it to your support contact and await further instructions. If you're not clear who to send this link to or need further assistance, please reach out to support@supabase.com.
The link usually has this structure: https://<okta-org>.okta.com/apps/<app-id>/sso/saml/metadata
Step 7: Wait for confirmation #
Once you’ve configured the Okta app as shown above, make sure you send the metadata URL and information regarding the attribute statements (if any changes are applicable) to your support contact at Supabase.
Wait for confirmation that this information has successfully been added to Supabase. It usually takes us 1 business day to configure this information for you.
Step 8: Test single sign-on #
Once you’ve received confirmation from your support contact at Supabase that SSO setup has been completed for your enterprise, you can ask some of your users to sign in via their Okta account.
You ask them to enter their email address on the Sign in with SSO page.
If sign in is not working correctly, please reach out to your support contact at Supabase for further guidance.