Setting Up SSO with Okta

This guide walks you through the process of configuring Single Sign-On (SSO) with Okta for your Arize account using SAML 2.0. It also includes Just-In-Time (JIT) user provisioning and role mapping.

Prerequisites

Admin access to your Okta instance
Be ready to share one of the following:
- A metadata URL
- A metadata.xml file

Setting up Arize SSO in Okta (SAML 2.0)

To configure Single Sign-On for Arize in Okta, follow these steps:

Create a New SAML 2.0 App in Okta
- In the Okta Admin Console, go to Applications > Applications > Create App Integration
- Select SAML 2.0 as the sign-in method

Enter Arize SAML Settings

Configure Okta with the following information about the Arize Service.

SSO URL / ACS (Assertion Consumer Service) : https://app.arize.com/auth/v2/saml
URI / EntityID: https://app.arize.com
UserName / NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

If needed for your Identity Provider, Arize SAML metadata.xml can be downloaded from https://app.arize.com/auth/v2/saml/metadata

SSO URL / ACS (Assertion Consumer Service): https://app.eu-west-1a.arize.com/auth/v2/saml
URI / EntityID: https://app.eu-west-1a.arize.com/
UserName / NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

If needed for your Identity Provider, Arize SAML metadata.xml can be downloaded from https://app.eu-west-1a.arize.com/auth/v2/saml/metadata

(Optional) Set Up Attribute Statements for Just-In-Time (JIT) Provisioning

Map user attributes as needed
Create a document to share with the Arize team that maps out the IdP configs. Be sure to include:
- The Attribute Name/Value
- The level of access including the relevant orgs and spaces (see different access levels here)
- Refer to the example below for how to format/ submit attributes

Attribute Name/ Value

Account Admin (Yes/ No)

Space (if not account admin)

Org Access Level (Admin/ Member/ Read Only)

Space Access Level (Admin/ Member/ Read Only)

Arize_Admin

Yes

Arize_Developer

Dev

Read Only

Admin

Send Your IdP Metadata to Arize

Once configured, send Arize your IdP metadata URL, or the metadata.xml directly.

PreviousSSO & RBAC NextWhitelisting

Last updated 2 days ago

Was this helpful?

Setting up Arize SSO in Okta (SAML 2.0)

To configure Single Sign-On for Arize in Okta, follow these steps:

Create a New SAML 2.0 App in Okta

In the Okta Admin Console, go to Applications > Applications > Create App Integration
Select SAML 2.0 as the sign-in method

Enter Arize SAML Settings

Configure Okta with the following information about the Arize Service.

SSO URL / ACS (Assertion Consumer Service) : https://app.arize.com/auth/v2/saml
URI / EntityID: https://app.arize.com
UserName / NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

If needed for your Identity Provider, Arize SAML metadata.xml can be downloaded from https://app.arize.com/auth/v2/saml/metadata

SSO URL / ACS (Assertion Consumer Service): https://app.eu-west-1a.arize.com/auth/v2/saml
URI / EntityID: https://app.eu-west-1a.arize.com/
UserName / NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

If needed for your Identity Provider, Arize SAML metadata.xml can be downloaded from https://app.eu-west-1a.arize.com/auth/v2/saml/metadata

(Optional) Set Up Attribute Statements for Just-In-Time (JIT) Provisioning

Map user attributes as needed

Create a document to share with the Arize team that maps out the IdP configs. Be sure to include:

The Attribute Name/Value
The level of access including the relevant orgs and spaces (see different access levels here)
Refer to the example below for how to format/ submit attributes

Attribute Name/ Value

Account Admin (Yes/ No)

Space (if not account admin)

Org Access Level (Admin/ Member/ Read Only)

Space Access Level (Admin/ Member/ Read Only)

Arize_Admin

Yes

Arize_Developer

Dev

Read Only

Admin

Send Your IdP Metadata to Arize

Once configured, send Arize your IdP metadata URL, or the metadata.xml directly.