Okta SAML Integration

SAML stands for Security Assertion Markup Language. It is an open-standard for exchanging security information and providing Single Sign-On (SSO) between 2 parties: an identity provider (IdP) and a service provider (SP).

This document will walk through setting up SAML based authentication between DeltaStream (SP) and Okta (IdP).

Okta documentation for configuing the SAML integration is available at https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_saml.htm

Initial Okta Setup

Log into your Okta dashboard, navigate to the applications menu and click the "Create App Integration" button.

Select "SAML 2.0" the the sign-in method and click "Next".

Update the General Settings for the DeltaStream app integration. Optionally set up the DeltaStream Logo for your application.

Setup the SAML integration with the following values. Settings not mentioned below must be left with default values.

General settings

Field Value

Field	Value
Single signon URL	`https://auth.deltastream.io/login/callback?connection=ds-okta-saml-placeholder`
Audience URI	`urn:auth0:deltastream:ds-okta-saml-placeholder`
Name ID format	`EmailAddress`
Application Username	`Email`
Update application username on	`Create and update`

Single signon URL

https://auth.deltastream.io/login/callback?connection=ds-okta-saml-placeholder

Audience URI

urn:auth0:deltastream:ds-okta-saml-placeholder

Name ID format

EmailAddress

Application Username

Email

Update application username on

Create and update

Attribute Statements

Click on the "Add another" button and add the following mappings.

Name Name format Value

Name	Name format	Value
email	Basic	`user.email`
firstName	Basic	`user.firstName`
lastName	Basic	`user.lastName`

Basic

user.email

firstName

Basic

user.firstName

lastName

Basic

user.lastName

Refer to the following screenshot for a visual reference. Click the "Next" button after entering the required values.

Reach out to DeltaStream at ops@deltastream.io and provide the following information:

Your company's name
Your company's email domain
First Org admin's email address (you can add more later)
Single Sign-on URL
Sign-out URL
Issuer
Signing certificate

Wait for DeltaStream to provide you with the "Audience URI" before you proceed.

Complete Okta Setup

After integration is complete, DeltaStream will provide you with the final Audience URI which needs to be updated in Okta.

Log into your OKTA dashboard, navigate to the applications menu and click the "DeltaStream" application.

Select the "General" tab, click the "Edit" button for the "SAML Settings".
Click "Next" on the "General Settings" page.

Update the "Single signon URL" with the value provided by DeltaStream.
Update the "Audience URI (SP Entity ID)" with the value provided by DeltaStream.
Click "Next" and "Finish" to complete editing the Okta integration.

References

PreviousEnterprise Security Integrations NextOkta SCIM Integration

Last updated 6 months ago