Connect your Okta account to Stitch and enable Single Sign-On (SSO).


Prerequisites

  • SSO Admin privileges in Stitch. If this is the first time SSO is enabled, the Stitch user who configures the connection will become an SSO Admin. Additional SSO Admins may be added by contacting support.

    Refer to the Team member roles and permissions documentation for more info about privileges in Stitch.

  • Application Management privileges in Okta that allow you to add and configure applications. If you don’t have these privileges, contact an Okta admin before continuing.

    Refer to Okta’s documentation for more info.


Step 1: Create and configure an Okta app

Step 1.1: Retrieve your SSO info from Stitch

  1. Sign into your Stitch account.
  2. Click User menu (your icon) > Manage Account Settings.
  3. Scroll down to the Single Sign-on section and click Enable SSO.

  4. Select Okta from the SSO Provider menu.
  5. Click Continue.
  6. The Configure Your Okta SSO page will display.

Leave this page open - you’ll need it to complete the setup.

Step 1.2: Create the app in Okta

  1. Sign into your Okta account as a user with privileges that allow you to add and configure apps.
  2. Click Applications > Applications.
  3. On the Applications page, click Add Application.
  4. On the Add Application page, click Create New App.
  5. In the Create a New Application Integration window, fill in the fields as follows:
    • Platform: This should default to Web. Leave it as-is.
    • Sign on method: Select SAML 2.0.
  6. Click Create.

Step 1.3: Define the app's general settings

A General Settings page will display. Fill in the fields as desired, clicking Next when finished.

Step 1.4: Configure SAML for the app

Next, you’ll configure SAML for the app on the Configure SAML page:

Step 1.4.1: Define the General settings

In the General section, fill in the following fields:

  • Single sign on URL: Paste the value from the SSO URL field in Stitch.
  • Audience URI (SP Entity ID): Paste the value from the SP Entity ID field in Stitch.

This is how the section should look after the fields have been populated:

General SAML attribute fields populated in Okta

Step 1.4.2: Define the Attribute Statements

Next, you’ll add the required attributes for the app:

  #   SAML Attribute Name   Value
  1   given_name            user.firstName
  2   family_name           user.lastName
  3   email                 user.email

To add the attributes:

  1. Scroll down to the attributes section, located after the Show Advanced Settings link.
  2. In the Field name field, enter the SAML Attribute Name of the parameter. For example: given_name
  3. In the Value field, select the corresponding Value from the dropdown. For example: user.firstName is the value for the SAML Attribute given_name.
  4. Click Add Another to add the next attribute.
  5. Repeat steps 2-4 until all attributes have been added. This is how the section should look when all the parameters have been added:

    Stitch attributes fully configured for the Okta app

  6. When finished, click Next.

Step 1.5: Save the app configuration

The next page that displays is the Feedback page. You can fill it out, or click Finish if you’ve finished defining the app’s general settings and configuring its SAML.

Step 1.6: Download the app's SAML metadata file

Next, you’ll download your app’s SAML metadata file. This is required to connect your Okta app with Stitch and enable SSO.

After the app has been saved, a page for the app will display in Okta.

  1. If you’re not in the Sign On tab, click it to navigate there.
  2. In the Settings section, locate the Identity Provider metadata link and click it:

    Highlighted Identity Provider metadata link in the Okta web app

    This will open a new tab in your browser with the SAML XML metadata for the app.

  3. Download/save this page, or copy and paste the XML data from the new tab into a text editor and save it as an .xml file. For example: stitch-sso-saml-metadata.xml

Step 1.7: Grant users access to the app

The last step in configuring the app is to grant access to users in your Okta instance. This ensures that they’ll be able to access Stitch via SSO.

Using the process your organization follows, grant your colleagues access to the Stitch Okta app.


Step 2: Connect to Stitch

Navigate back to the page where your Stitch account is open.

  1. In Stitch, scroll down to the Connect to Stitch section of the Okta setup page.
  2. Click Upload SAML Metadata.
  3. Locate and select the SAML metadata file you downloaded in Step 1.6.

Step 3: Activate SSO

When finished, click the Activate SSO button.

Next steps

After you’ve enabled SSO for your Stitch account, remember to grant Stitch access to users in your Okta instance, if you haven’t already.


