This guide is applicable to Dagster Cloud.
In this guide, you'll configure Okta to use single sign-on (SSO) with your Dagster Cloud organization.
To complete the steps in this guide, you'll need:
Sign in to your Okta Admin Dashboard.
Using the sidebar, click Applications > Applications.
On the Applications page, click Browse App Catalog.
On the Browse App Integration Catalog page, search for
Add and save the application.
In Okta, open the application and navigate to its General Settings.
In the Subdomain field, enter your Dagster Cloud organization name. This is used to route the SAML response to the correct Dagster Cloud subdomain.
In the following example, the organization name is
hooli and our Dagster Cloud domain is
https://hooli.dagster.cloud. To configure this correctly, we'd enter
hooli into the Subdomain field:
When finished, click Done.
Next, you'll save and upload the application's SAML metadata to Dagster Cloud. This will enable single sign-on.
In Okta, navigate to the Dagster Cloud application.
Navigate to Sign On.
Click Identity Provider metadata to initiate a download. This will save the SAML metadata file to your computer.
After you've downloaded the SAML metadata file, upload it to Dagster Cloud using the
dagster-cloud organization settings saml upload-identity-provider-metadata <path/to/metadata> \ --api-token=<user_token> \ --url https://<organization_name>.dagster.cloud
Next, you'll assign users to the Dagster Cloud application in Okta. This will allow them to log in using their Okta credentials with the sign in flow is initiated.
Lastly, you'll test your SSO configuration:
Navigate to your Dagster Cloud sign in page at
Click the Sign in with SSO button.
Initiate the login flow and address issues that arise, if any.
In the Okta Applications page, click the Dagster Cloud icon:
If successful, you'll be automatically signed into your Dagster Cloud organization.