> ## Documentation Index
> Fetch the complete documentation index at: https://docs.datazone.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta SAML Setup

> Configure SAML authentication with Okta

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/oktalogo.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=c5959ce96df9bb181b6704e9f39dd1d3" alt="okta" width="337" height="150" data-path="images/oktalogo.png" />
</Frame>

## Prerequisites

* Administrator access to your Okta account
* Your Datazone instance domain (e.g., `app.datazone.co`)

## Configuration Steps

### 1. Create a New SAML Application in Okta

In your Okta Admin Console, create a new SAML 2.0 application integration for Datazone.

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-1.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=582cb8dd0f9bcc3c9b24174799e5e706" alt="saml-okta-1" width="1614" height="796" data-path="images/light/saml-auth/saml-okta-1.png" />
</Frame>

### 2. Choose SAML 2.0 as Sign-On Method

When prompted to select a sign-on method, choose **SAML 2.0**.

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-2.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=d15602f82373b3a0e577116f1b8d4cf0" alt="saml-okta-2" width="1283" height="776" data-path="images/light/saml-auth/saml-okta-2.png" />
</Frame>

### 3. Configure General Settings

In the **General Settings** section, provide a name for the application (e.g., "Datazone SSO").

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-3.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=1e1a314449741e7e4516ad241d4b8049" alt="saml-okta-3" width="1120" height="610" data-path="images/light/saml-auth/saml-okta-3.png" />
</Frame>

### 4. Configure SAML Settings

In the **Configure SAML** section, set the following parameters:

* **Single sign-on URL**: `https://YOUR_DATAZONE_DOMAIN/api/v1/auth/saml/acs`
* **Audience URI (SP Entity ID)**: `https://YOUR_DATAZONE_DOMAIN/api/v1/auth/saml/acs`
* **Application username**: `Email`

<Note>
  Replace `YOUR_DATAZONE_DOMAIN` with your actual Datazone instance domain.
</Note>

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-4.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=06372103bd564eb60ceb6de5d450107b" alt="saml-okta-4" width="1150" height="816" data-path="images/light/saml-auth/saml-okta-4.png" />
</Frame>

### 5. Add Attribute Statements

Once the application is created, navigate to the **Sign On** tab. Under **Attribute Statements**, add the following attribute mapping:

| Name    | Value        |
| ------- | ------------ |
| `email` | `user.email` |

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-5.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=ffb75c5d726288f6f6a918be0a8a3a83" alt="saml-okta-5" width="759" height="387" data-path="images/light/saml-auth/saml-okta-5.png" />
</Frame>

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-6.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=6dd46900e610d02552e095951647b320" alt="saml-okta-6" width="731" height="373" data-path="images/light/saml-auth/saml-okta-6.png" />
</Frame>

### 6. Assign Users or Groups (Optional)

Assign the appropriate users or groups to the application to control who can access Datazone through Okta.

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-7.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=9901b778077c326b603a963e09d05abd" alt="saml-okta-7" width="1067" height="708" data-path="images/light/saml-auth/saml-okta-7.png" />
</Frame>

### 7. Collect Okta Configuration Details

After configuring the application, gather the following information from the **Sign On** tab:

* **Identity Provider Single Sign-On URL** (SSO URL)
* **Identity Provider Issuer** (Entity ID)
* **X.509 Certificate** (Download the certificate)

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-8.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=124963379d6bf9c8447dfaabecaeead9" alt="saml-okta-8" width="761" height="1109" data-path="images/light/saml-auth/saml-okta-8.png" />
</Frame>

### 8. Enter Configuration in Datazone

Finally, enter the collected information into the Datazone SAML configuration settings as described in the [SAML Overview](overview) guide:

* **Entity ID (Issuer)**: Use the Identity Provider Issuer from Okta
* **SSO URL**: Use the Identity Provider Single Sign-On URL from Okta
* **Certificate**: Upload the downloaded X.509 certificate

<Frame>
  <img src="https://mintcdn.com/datazone/QCj8aexjRlaYEYYd/images/light/saml-auth/saml-okta-9.png?fit=max&auto=format&n=QCj8aexjRlaYEYYd&q=85&s=dfe06c57430fa9163cf076c7c41a915a" alt="saml-okta-9" width="1612" height="798" data-path="images/light/saml-auth/saml-okta-9.png" />
</Frame>

## Testing Your Configuration

After completing the setup:

1. Navigate to your Datazone login page
2. Click on the SSO/SAML login option
3. You should be redirected to Okta for authentication
4. Upon successful authentication, you'll be redirected back to Datazone

<Info>
  If you encounter any issues during setup, refer to the [SAML troubleshooting
  guide](overview#troubleshooting) or contact support at [support@datazone.co](mailto:support@datazone.co)
</Info>