Administration > Single Sign-On

Single Sign-On

This page covers how to set up single-sign access to Rockset with an independent provider.

Okta

Follow the steps below to configure SAML single sign-on with Okta.

Note: Only Rockset Administrators can view and change SSO settings, and only Okta Administrators can configure new Okta connections.

1. View your SSO Settings page in Rockset

Navigate to the Access Settings tab within Manage > Users. You’ll need both the Rockset SAML URL and Rockset Audience URI to set up your Okta connection.

Rockset Access Settings

2. Create a new Okta connection

From the Okta Admin dashboard, create a new SAML web connection.

Create Okta Application

Click Create, and enter your the Rockset SAML URL and Rockset Audience URI as shown here.

Okta SAML Endpoints

Scroll down, and in the Attribute Statements sections, add the following attribute email with value ${user.email}:

Okta Attributes

Everything else should be left in default mode. Click Finish.

Okta Setup Instructions

On your new application screen, click ‘View Setup Instructions.’

Note the Identity Provider Single Sign-On URL and X.509 Certificate. You’ll need these fields to successfully configure Rockset.

Okta Certificates

3. Configure Rockset

Take the Single-Sign-On URL and x.509 Certificate from Okta and enter them back into Rockset.

Rockset SSO Setup

You’re now ready to enable the connection! We recommend leaving the ‘SSO Only’ setting off until you have successfully tested the connection. You can do so by logging in from the Okta portal, or by logging out of Rockset and entering your email on the Login page.

Troubleshooting

If you have any issues testing your connection, take a look at the SAML application settings that you just configured and ensure they look match this pattern:

Okta SAML Settings