Learn how to configure Okta as your identity provider to work with SSO authentication for Firebolt.
Okta is an identity and access management platform that enables secure Single Sign-On (SSO). Integrating Okta with Firebolt allows users to log in using their existing credentials, simplifying access while maintaining security. This setup helps you and your team centralize authentication and manage user access.
To integrate Okta with Firebolt’s platform, you need to configure your Okta application for Firebolt and Firebolt’s SSO for Okta. Detailed instructions can be found in the following sections:
1. In the Okta Admin Console, select Applications from the left navigation panel.
2. Select Applications again.
3. Select Create a new app integration.
4. Select SAML 2.0 as the sign-in method and choose Next.
5. Fill out General Settings and navigate to the next section, Configure SAML.
6. Complete the following fields:
   - Single sign-on URL. This URL has the following format: https://id.app.firebolt.io/login/callback?connection=<org_name>-<provider>&organization=<organization_identifier>
     <org_name> - represents the organization name used to create your Firebolt Account. This org name is referenced in your vanity URL.
     <provider> - represents the provider we’re configuring as our IdP.
     <organization_identifier> - the unique identifier for your organization in Firebolt. To retrieve your <organization_identifier>, do the following:
     Example: https://id.app.firebolt.io/login/callback?connection=vsko-okta&organization=org_82u3nzTNQPA8RyoM
   - Audience URI (SP Entity ID). This URI has the following format: urn:auth0:<tenant_name>:<org_name>-<provider>, where <tenant_name> is app-firebolt-v2, <org_name> is the name of the organization provider, and <provider> is the provider value set in the Firebolt configuration step.
     Example: urn:auth0:app-firebolt-v2:vsko-okta
7. Save the configuration.
8. Open the Sign On tab of your created app integration, and select the SAML 2.0 tab. Select More details to expand additional information.
9. Copy or note down the value for Sign on URL and Issuer.
10. Download the Signing Certificate.
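The following Python check is an added example, not part of the Firebolt or Okta documentation. It verifies that a Single sign-on URL and an Audience URI follow the formats described above and name the same connection, since a mismatch between the two is easy to introduce when typing them by hand. The function name check_saml_settings and the exact-string comparison are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

# Fixed parts of the two formats documented on this page.
CALLBACK_HOST = "id.app.firebolt.io"
CALLBACK_PATH = "/login/callback"
TENANT_NAME = "app-firebolt-v2"


def check_saml_settings(sso_url, audience_uri, org_name):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if "<" in sso_url + audience_uri:
        problems.append("unreplaced <placeholder> left in a value")

    url = urlsplit(sso_url)
    if (url.scheme, url.netloc, url.path) != ("https", CALLBACK_HOST, CALLBACK_PATH):
        problems.append(f"SSO URL must start with https://{CALLBACK_HOST}{CALLBACK_PATH}")

    query = parse_qs(url.query, keep_blank_values=True)
    for name in ("connection", "organization"):
        values = query.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"SSO URL needs exactly one non-empty {name} parameter")
    connection = (query.get("connection") or [""])[0]

    # connection is <org_name>-<provider>; the provider part must not be empty.
    if not connection.startswith(org_name + "-") or connection == org_name + "-":
        problems.append(f"connection {connection!r} is not {org_name}-<provider>")

    # Audience URI: urn:auth0:<tenant_name>:<org_name>-<provider>
    parts = audience_uri.split(":")
    if len(parts) != 4 or parts[:2] != ["urn", "auth0"]:
        problems.append("Audience URI is not urn:auth0:<tenant_name>:<connection>")
    elif parts[2] != TENANT_NAME:
        problems.append(f"Audience URI tenant must be {TENANT_NAME}, got {parts[2]!r}")
    elif parts[3] != connection:
        # Compared as exact strings (assumption), so a case difference is reported.
        problems.append(f"Audience URI names {parts[3]!r}, SSO URL names {connection!r}")
    return problems


if __name__ == "__main__":
    # The example values shown on this page.
    url = ("https://id.app.firebolt.io/login/callback"
           "?connection=vsko-okta&organization=org_82u3nzTNQPA8RyoM")
    print(check_saml_settings(url, "urn:auth0:app-firebolt-v2:vsko-okta", "vsko") or "consistent")
```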
Once your Identity Provider (IdP) is configured, you can configure Firebolt to integrate with Okta either using SQL scripts in the Develop Space or through the user interface (UI) in the Configure Space.
Log in to the Firebolt Workspace.
Select the Configure icon.
Select SSO from the left navigation pane.
Under Configure SSO for your organization, enter the following:
Okta.
Log in to Firebolt’s Workspace. Then, do the following:
Select system from the drop-down arrow next to the engine name. The system engine is always running, and you can use it to create a service account. You can also use an engine that you create.
In the previous code example, the following apply:
signOnUrl - The sign-on URL, provided by the SAML identity provider, where Firebolt will send SAML requests. The URL is specific to the IdP and is defined during configuration. For Okta, this value corresponds to the Sign on URL value copied in Step 9.
signoutUrl - An endpoint provided by Okta that facilitates the logout process by redirecting the user to this URL, ending their session.
issuer - A unique value generated by the SAML identity provider specifying the issuer value. The issuer corresponds to the Issuer value noted in Step 9.
provider - The provider’s name, Okta.
label - The label to use for the SSO login button. You can use any label name. If the label is not provided, Firebolt uses the value in the Provider field.
certificate - A digital certificate used to verify the authenticity of a signature used in communication between Okta and Firebolt. The certificate must be in Privacy Enhanced Mail (PEM) or CER format.
field mapping - A mapping used to match user attributes between Okta and Firebolt. Enter the first name and surname in your Okta profile. Mapping is only required the first time a user logs in using SSO.