Single sign-on using Okta

info

• SSO is available only in the Pro Plus plan.
• To manage users through SSO, contact support and request for user management restricted to SSO.

You can create a new application for Okta and configure it for Single Sign-On (SSO) with Data Integration.

Creating a new application in Okta

Procedure

1. Log in to Okta platform.

2. Navigate to the Admin.

3. Proceed to add an application for Single Sign-on.

4. Click Create New App.

5. SAML 2.0: Choose SAML 2.0 and proceed to the next step.

6. Enter the name of your Application as Data Integration and click Next.

7. Configure SAML Settings:

   • Single Sign-On URL (ends with ACS):

   https://auth.[console-region].rivery.io/[account-id]_Okta_[console-region]/?acs
   
   • Audience URI (ends with Metadata):

   https://auth.[console-region].rivery.io/[account-id]_Okta_[console-region]/metadata
   

note

• Remove the square brackets after adding your information.
• Your Account ID is available in the Console URL: https://console.rivery.io/home/**[account-id]**/563f5b17b0a105467kle07a4we5435ff4c33

Data Integration console URL	Region
https://console.rivery.io	us-east-2
https://eu-west-1.console.rivery.io	eu-west-1
https://il-central-1.console.rivery.io	il-central-1
https://ap-southeast-2.console.rivery.io	ap-southeast-2

• NameID Format: Email Address
• Application Username: Okta Username
• Update Application Username On: Create and Update

8. Configure Attribute Statements:

   Under Attribute Statements, configure the following case-sensitive settings:

   Name	Name Format	Value
   email	Unspecified	user.email
   NameID	Unspecified	user.email
   firstname	Unspecified	user.firstName
   lastname	Unspecified	user.lastName

info

IMPORTANT:

• user.firstName and user.lastName must be defined (with a capital 'N').
• RelayState URLs: The URLs must include the trailing slash (/).

9. Click Next.
10. On the Feedback page, select I'm an Okta customer adding an internal app and turn on This is an internal app that we have created as the App Type.
11. Click Finish.
12. Click "View SAML setup instructions" in the pop-up.

Submitting information to Data Integration

Provide the following information to the Support team by submitting a Support Ticket.

Procedure

1. Identity Provider Single Sign-On URL
2. Identity Provider Issuer
3. X.509 Certificate.
4. Specify the Default Role you prefer for newly introduced Data Integration users after logging in.

note

After setting up SSO, the default landing URL for your Data Integration console will be https://console.rivery.io/home/[account_id]/default_env, indicating that all users have access to the default environment.