Configure SSO with Okta

This guide is intended for Admins setting up SSO SAML with Okta.

When you configure Single Sign-on (SSO) with Okta, your users will be able to create and sign into their Baserow accounts using Okta.

If you are looking for information on setting up SSO with other providers:

Instance-wide admin panel, SSO, Payment by invoice, Signup rules, Audit logs are features only available for Baserow paid plans. Get in touch with us here if you’re interested in learning more about paid pricing.

Here’s how to set up Okta to sign in to your Baserow account.

Set up SSO SAML with OneLogin

To get started, log into your Okta account and click Admin in the top right corner:

enter image description here

Click the Applications tab in the sidebar on the Okta admin page, then select the Applications option from the dropdown menu.

Next, click the Create App Integration button on the Applications page:

enter image description here

Choose SAML 2.0 as the sign-in method:

enter image description here

Choose Baserow as the app name and upload the logo for the application:

enter image description here

Next, retrieve your Default Relay State URL and Single Sign On URL from the admin settings modal in Baserow, following the steps in this guide.

To Configure SAML in Okta, add your Single Sign On URL in the first two fields (”Single sign on URL” and “Audience URI (SP Entity ID)”).

Add your Default Relay State URL in the “Default Relay State” field.

Create 3 attribute statements with values as such:

Field name Value
user.email user.email
user.first_name user.firstName
user.last_name user.lastName

Set all other fields like in the image below:

enter image description here

Click ‘Next’ to complete the configuration.

Once the app has been created, assign it to people from the ‘Assignments’ tab of the Baserow Okta application. This permits these people to send the user information from Okta to Baserow to create/log in to the account.

enter image description here

To ensure that the sign in works properly on Baserow, set the email domain associated with this app and paste the Identity provider metadata into Baserow.

The metadata can be found in the ‘Sign On’ tab. Scroll to “SAML Signing Certificates” section and then choose a certificate type with active status. From the actions dropdown of the active certificate, click “View IdP metadata”.

enter image description here

After you’ve accessed the information from the IdP Metadata, copy and paste the information from Okta into Baserow.

Connect Okta to your Baserow Account

Head back to Baserow Admin > Authentication > Provider.

Configure OneLogin by inputting the domain and metadata information into the corresponding fields in your Baserow Admin Dashboard, following the steps in this guide.

You should be able to log in with OneLogin after completing these steps by visiting https://baserow.io/login. Your users will now be taken to a OneLogin sign-in flow when they attempt to log into Baserow. After logging in with their OneLogin credentials, they will be redirected to the app.

enter image description here

If you’re looking for something else, please feel free to make recommendations or ask us questions in our online community —we’re ready to assist you!