# SSO - Okta

Pipedream supports Single-sign on (SSO) with Okta. This guide shows you how to configure SSO in Pipedream to authenticate with your Okta org.

# Requirements

# Configuration

  1. In your Okta Admin dashboard, select the Applications section and click Applications below that:
Okta - application list
  1. Click Browse App Catalog:
Okta - browse app catalog
  1. Search for "Pipedream" and select the Pipedream app:
Okta - Pipedream app
  1. Click Add:
Okta - Add Pipedream app
  1. Fill out the General Settings that Okta presents, and click Done:
Okta - General Settings
  1. Select the Sign On tab, and click Edit at the top right:
Okta - Edit Sign In
  1. Scroll down to the SAML 2.0 settings. In the Default Relay State section, enter organization_username:
Okta - Default Relay State
  1. Set any other configuration options you need in that section or in the Credentials Details section, and click Save.

  2. In the Sign On section, you'll see a section that includes the setup instructions for SAML:

Okta - SAML

Click the Identity Provider metadata link and copy the URL from your browser's address bar:

Okta - Identity Metadata URL
  1. Visit your Pipedream organization settings (opens new window). Under the Auth section, add the metadata URL in the SAML section and click Confirm:
Okta - Pipdeream Metadata URL
  1. Back in Okta, click on the Assignments tab of the Pipedream application. Click on the Assign dropdown and select Assign to People:
Okta - Assign Users

Assign the application to the relevant users in Okta, and Pipedream will configure the associated accounts on our end.

Users can log into Pipedream at https://pipedream.com/auth/sso (opens new window) by entering your organization's name (found in your Settings (opens new window)). You can also access your SSO sign in URL directly by visiting https://pipedream.com/auth/sso/your_org_name (opens new window), where your_org_name is the name of your org.

# Important details

Before you configure the application in Okta, make sure all your users have matching email addresses for their Pipedream user profile and their Okta profile. Once SSO is enabled, they will not be able to change their Pipedream email address.

If a user's Pipedream email does not match the email in their IDP profile, they will not be able to log in.

If existing users signed up for Pipedream using an email and password, they will no longer be able to do so. They will only be able to sign in using SSO.