Skip to main content

Setup Single Sign-On via Okta

AvailableCloud with Teams add-onNot availableSelf-Managed Community (OSS)AvailableSelf-Managed Enterprise

This page guides you through setting up Okta for Single Sign-On with Airbyte.

Airbyte will communicate with your Okta account using OpenID Connect (OIDC).

Creating an Okta app for Airbyte

info

The following steps need to be executed by an administrator of your company's Okta account.

You will need to create a new Okta OIDC App Integration for your Airbyte. Documentation on how to do this in Okta can be found here.

You should create an app integration with OIDC - OpenID Connect as the sign-in method and Web Application as the application type:

Screenshot of Okta app integration creation modal

On the following screen you'll need to configure all parameters for your Okta application:

You'll require to know your Company Identifier to fill in those values. You receive this from your contact at Airbyte.

Create the application with the following parameters:

App integration name
A human readable name for the application (e.g. Airbyte Cloud). This is only used for identification inside your Okta dashboard.
Logo (optional)
You can upload an Airbyte logo, which you can find at https://airbyte.com/company/press
Grant type
Only Authorization Code should be selected
Sign-in redirect URIs
https://cloud.airbyte.com/auth/realms/<your-company-identifier>/broker/default/endpoint
Sign-out redirect URIs
https://cloud.airbyte.com/auth/realms/<your-company-identifier>/broker/default/endpoint/logout_response
Trusted Origins
Leave empty
Assignments > Controlled Access
You can control whether everyone in your Okta organization should be able to access Airbyte using their Okta account or limit it only to a subset of your users by selecting specific groups who should get access.

You'll need to pass your Airbyte contact the following information of the created application. After that we'll setup SSO for you and let you know once it's ready.

  • Your Okta domain (it's not specific to this application, see Find your Okta domain)
  • Client ID
  • Client Secret
  • Email Domain (users signing in from this domain will be required to sign in via SSO)
warning

For security purposes, existing Applications used to access the Airbyte API that were created before enabling SSO will be disabled once the user that owns the Application signs in via SSO for the first time. After enabling SSO, please make sure to replace any Application secrets that were previously in use.

Was this page helpful?