Set Up SSO with Okta

Supabase supports single sign-on (SSO) using Okta.

Step 1: Choose Create App Integration in the Applications dashboard #

Navigate to the Applications dashboard of the Okta admin console. Choose the Create App Integration button from the toolbar.

Okta dashboard: Create App Integration

Step 2: Choose SAML 2.0 in the app integration dialog #

Supabase supports the SAML 2.0 SSO protocol. Choose it from the Create a new app integration dialog.

Okta dashboard: Create new app integration dialog

Step 3: Fill out General Settings #

The information you enter here is for visibility into your Okta applications menu. You can choose any values you like. Supabase as a name works well for most use cases.

Okta dashboard: Create SAML Integration

Step 4: Fill out SAML Settings #

These settings let Supabase use SAML 2.0 properly with your Okta application. Make sure you enter this information exactly as shown on in this table and screenshot.

Single sign-on URLhttps://app.supabase.com/auth/v1/sso/saml/acs
Use this for Recipient URL and Destination URL✔️
Audience URI (SP Entity ID)https://app.supabase.com/auth/v1/sso/saml/metadata
Default RelayStatehttps://app.supabase.com
Name ID formatEmailAddress
Application usernameEmail
Update application username onCreate and update

Okta dashboard: Create SAML Integration
wizard, Configure SAML step

Step 5: Fill out Attribute Statements #

Attribute Statements allow Supabase to get information about your Okta users on each login.

A email to user.email statement is required to exist. Other mappings shown below are optional and configurable depending on your Okta setup. If in doubt, replicate the same config as shown.

Please share any changes, if any, from this screen with your Supabase support contact.

Okta dashboard: Attribute Statements configuration

Step 6: Obtain IdP metadata URL #

Supabase needs to finalize enabling single sign-on with your Okta application.

To do this scroll down to the SAML Signing Certificates section on the Sign On tab of the Supabase application. Pick the the SHA-2 row with an Active status. Click on the Actions dropdown button and then on the View IdP Metadata.

This will open up the SAML 2.0 Metadata XML file in a new tab in your browser. Copy this URL and send it to your support contact and await further instructions. If you're not clear who to send this link to or need further assistance, please reach out to support@supabase.com.

The link usually has this structure: https://<okta-org>.okta.com/apps/<app-id>/sso/saml/metadata

Okta dashboard: SAML Signing Certificates, Actions button highlighted

Step 7: Wait for confirmation #

Once you’ve configured the Okta app as shown above, make sure you send the metadata URL and information regarding the attribute statements (if any changes are applicable) to your support contact at Supabase.

Wait for confirmation that this information has successfully been added to Supabase. It usually takes us 1 business day to configure this information for you.

Step 8: Test single sign-on #

Once you’ve received confirmation from your support contact at Supabase that SSO setup has been completed for your enterprise, you can ask some of your users to sign in via their Okta account.

You ask them to enter their email address on the Sign in with SSO page.

If sign in is not working correctly, please reach out to your support contact at Supabase for further guidance.