This page covers how to set up single-sign access to Rockset with an independent provider.
Follow the steps below to configure SAML single sign-on with Okta.
Note: Only Rockset Administrators can view and change SSO settings, and only Okta Administrators can configure new Okta connections.
Navigate to the Access Settings tab within Manage > Users. You’ll need both the Rockset SAML URL and Rockset Audience URI to set up your Okta connection.
From the Okta Admin dashboard, create a new SAML web connection.
Click Create, and enter your the Rockset SAML URL and Rockset Audience URI as shown here.
Scroll down, and in the Attribute Statements sections, add the following attribute email with value ${user.email}:
Everything else should be left in default mode. Click Finish.
On your new application screen, click ‘View Setup Instructions.’
Note the Identity Provider Single Sign-On URL and X.509 Certificate. You’ll need these fields to successfully configure Rockset.
Take the Single-Sign-On URL and x.509 Certificate from Okta and enter them back into Rockset.
You’re now ready to enable the connection! We recommend leaving the ‘SSO Only’ setting off until you have successfully tested the connection. You can do so by logging in from the Okta portal, or by logging out of Rockset and entering your email on the Login page.
If you have any issues testing your connection, take a look at the SAML application settings that you just configured and ensure they look match this pattern: