Set Up SSO with Okta

Supabase supports single sign-on (SSO) using Okta.

Step 1: Choose Create App Integration in the Applications dashboard

Navigate to the Applications dashboard of the Okta admin console. Click Create App Integration.

Okta dashboard: Create App Integration button

Step 2: Choose SAML 2.0 in the app integration dialog

Supabase supports the SAML 2.0 SSO protocol. Choose it from the Create a new app integration dialog.

Okta dashboard: Create new app integration dialog

Step 3: Fill out General Settings

The information you enter here is for visibility into your Okta applications menu. You can choose any values you like. Supabase as a name works well for most use cases.

Okta dashboard: Create SAML Integration wizard

Step 4: Fill out SAML Settings

These settings let Supabase use SAML 2.0 properly with your Okta application. Make sure you enter this information exactly as shown on in this table and screenshot.

Single sign-on URL
Use this for Recipient URL and Destination URL✔️
Audience URI (SP Entity ID)
Default RelayState
Name ID formatEmailAddress
Application usernameEmail
Update application username onCreate and update

Okta dashboard: Create SAML Integration wizard, Configure SAML step

Step 5: Fill out Attribute Statements

Attribute Statements allow Supabase to get information about your Okta users on each login.

A email to statement is required. Other mappings shown below are optional and configurable depending on your Okta setup. If in doubt, replicate the same config as shown.

Please share any changes, if any, from this screen with your Supabase support contact.

Okta dashboard: Attribute Statements configuration screen

Step 6: Obtain IdP metadata URL

Supabase needs to finalize enabling single sign-on with your Okta application.

To do this scroll down to the SAML Signing Certificates section on the Sign On tab of the Supabase application. Pick the the SHA-2 row with an Active status. Click on the Actions dropdown button and then on the View IdP Metadata.

This will open up the SAML 2.0 Metadata XML file in a new tab in your browser. Copy this URL and send it to your support contact and await further instructions. If you're not clear who to send this link to or need further assistance, contact [email protected].

The link usually has this structure: https://<okta-org><app-id>/sso/saml/metadata

Okta dashboard: SAML Signing Certificates, Actions button highlighted

Step 7: Wait for confirmation

Once you’ve configured the Okta app as shown above, make sure you send the metadata URL and information regarding the attribute statements (if any changes are applicable) to your support contact at Supabase.

Wait for confirmation that this information has successfully been added to Supabase. It usually takes us 1 business day to configure this information for you.

Step 8: Test single sign-on

Once you’ve received confirmation from your support contact at Supabase that SSO setup has been completed for your enterprise, you can ask some of your users to sign in via their Okta account.

You ask them to enter their email address on the Sign in with SSO page.

If sign in is not working correctly, please reach out to your support contact at Supabase for further guidance.