Configure SSO with Okta

This guide is intended for Admins setting up SSO SAML with Okta.

When you configure Single Sign-on (SSO) with Okta, your users will be able to create and sign into their Baserow accounts using Okta.

If you are looking for information on setting up SSO with other providers:

Single Sign-On feature is a part of the Baserow Enterprise offering. Instance-wide features are only available on the self-hosted Enterprise plan. To learn more about the Baserow enterprise plan, visit our pricing page.

Here’s how to set up Okta to sign in to your Baserow account.

Set up SSO SAML with OneLogin

To get started, log into your Okta account and click Admin in the top right corner:

enter image description here

Click the Applications tab in the sidebar on the Okta admin page, then select the Applications option from the dropdown menu.

Next, click the Create App Integration button on the Applications page:

enter image description here

Choose SAML 2.0 as the sign-in method:

enter image description here

Choose Baserow as the app name and upload the logo for the application:

enter image description here

Next, retrieve your Default Relay State URL and Single Sign On URL from the admin settings modal in Baserow, following the steps in this guide.

To Configure SAML in Okta, add your Single Sign On URL in the first two fields (”Single sign on URL” and “Audience URI (SP Entity ID)”).

Add your Default Relay State URL in the “Default Relay State” field.

Create 3 attribute statements with values as such:

Field name Value
user.first_name user.firstName
user.last_name user.lastName

Set all other fields like in the image below:

enter image description here

Click ‘Next’ to complete the configuration.

Once the app has been created, assign it to people from the ‘Assignments’ tab of the Baserow Okta application. This permits these people to send the user information from Okta to Baserow to create/log in to the account.

enter image description here

To ensure that the sign in works properly on Baserow, set the email domain associated with this app and paste the Identity provider metadata into Baserow.

The metadata can be found in the ‘Sign On’ tab. Scroll to “SAML Signing Certificates” section and then choose a certificate type with active status. From the actions dropdown of the active certificate, click “View IdP metadata”.

enter image description here

After you’ve accessed the information from the IdP Metadata, copy and paste the information from Okta into Baserow.

Connect Okta to your Baserow Account

Head back to Baserow Admin > Authentication > Provider.

Configure OneLogin by inputting the domain and metadata information into the corresponding fields in your Baserow Admin Dashboard, following the steps in this guide.

You should be able to log in with OneLogin after completing these steps by visiting your Baserow servers login page. Your users will now be taken to a OneLogin sign-in flow when they attempt to log into Baserow. After logging in with their OneLogin credentials, they will be redirected to the app.

enter image description here

Still need help? If you’re looking for something else, please feel free to make recommendations or ask us questions—we’re ready to assist you.

   Ask the Baserow community

   Contact support for questions about Baserow or help with your account.