Setting up SSO with Okta

dbt Cloud Enterprise supports single sign-on via Okta (using SAML). Currently supported features include:

  • IdP-initiated SSO
  • SP-initiated SSO
  • Just-in-time provisioning

This guide outlines the setup process for authenticating to dbt Cloud with Okta. After following the steps below, please contact support (support@getdbt.com) to complete the setup process.

Configuration

Log into your Okta account. You'll need administrator access to your Okta organization to follow this guide.

Using the Admin dashboard, you need to create a new app. To do this, first go to the Okta dashboard. Click Admin to go to the admin dashboard. Click + Add Applications on the right side of the screen. Finally, click Create New App.

Next, you'll configure the dbt Cloud application. On the Create a New Application Integration modal, select Web as the Platform, and SAML 2.0 as the Sign on method. Click Create to continue.

The 'Create a New Application Integration' modal

On the General Settings page, enter the following:

  • App name: dbt Cloud
  • App logo (optional): You can optionally download this dbt logo, and upload it to Okta to use as the logo for this app.

Click Next to continue.

The 'General Settings' page

On the SAML Settings page, enter the following values:

  • Single sign on URL: https://auth.getdbt.com/login/callback?connection=<your-deployment-id>
  • Audience URI (SP Entity ID): urn:auth0:dbt-cloud:<your-deployment-id>

Replace <your-deployment-id> with your dbt Cloud deployment ID. If you aren't sure what value you should use, please contact support (support@getdbt.com).

The 'SAML Settings' page

Under Attribute Statements, enter the following:

  • Name: email
  • Name format: Unspecified
  • Value: ${user.email}

Click Next to continue.

Attribute Statements on the 'SAML Settings' page

Lastly, select I'm an Okta customer adding an internal app, and select This is an internal app that we have created. Click Finish to finish setting up the app.

Final Setup

On the next page, click View Setup Instructions. There are three values here that you'll need to provide to us to complete your account setup: Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate. Send these values to us via support (either in-app via Intercom, or via email at support@getdbt.com), and we'll get back to you when the Okta integration is ready to use.

SAML Credentials
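
Once the integration is live, a SAML response captured from a test login can be checked against the values entered on the SAML Settings page (Single sign on URL, Audience URI, and the email attribute). The following is an added example, not code from dbt Cloud or Okta; the deployment ID `example-deployment`, the sample response and the function names are constructed for illustration, and the check covers structure only, not the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response for the placeholder deployment ID "example-deployment".
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://auth.getdbt.com/login/callback?connection=example-deployment">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>urn:auth0:dbt-cloud:example-deployment</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>jane@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def expected_settings(deployment_id):
    """Values this guide enters on the SAML Settings page."""
    return {
        "acs_url": f"https://auth.getdbt.com/login/callback?connection={deployment_id}",
        "audience": f"urn:auth0:dbt-cloud:{deployment_id}",
    }

def check_response(xml_text, deployment_id):
    """List mismatches between a SAML response and the guide's settings.
    Run it only on a response you captured yourself; no signature check is done."""
    want = expected_settings(deployment_id)
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != want["acs_url"]:
        problems.append("Destination does not match the Single sign on URL")
    audiences = [(e.text or "").strip() for e in
                 root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if audiences != [want["audience"]]:
        problems.append("Audience does not match the Audience URI (SP Entity ID)")
    emails = [(v.text or "").strip()
              for a in root.iterfind(".//saml:Attribute[@Name='email']", NS)
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not emails or not all("@" in e for e in emails):
        problems.append("Attribute statement 'email' is missing or empty")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, "example-deployment") or "settings match")
```

An empty list means the response carries the Single sign on URL, Audience URI and `email` attribute exactly as configured above.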