Version: User Guides (BYOC)

SAML 2.0
Public Preview

This topic describes how to configure single sign-on (SSO) with Okta using the SAML 2.0 protocol.

SAML 2.0 is a standard protocol used by many identity providers and offers broad compatibility. Choose this option if your organization requires SAML 2.0 for compliance reasons. For details, refer to the official Okta documentation.

Before you start

Before you begin the SSO configuration, make sure the following conditions are met:

  • You are the Organization Owner of the organization where SSO is to be configured.

  • You have Admin access to the Okta console. For more information, refer to the official Okta documentation.

Step 1: Create SAML app integration in Okta

  1. Log in to the Okta Admin console.

  2. In the left-side navigation pane, choose Applications > Applications.

  3. Click Create App Integration.

  4. In the Create a new app integration dialog box, select SAML 2.0 and click Next.

  5. Set a custom app name and click Next.

  6. In the Configure SAML step, you'll need to provide some information. For now, use any placeholder values; you will replace them with the Zilliz Cloud redirect URL in Step 3.

  7. Click Next, review your settings, then click Finish. You will be redirected to the application page.

  8. In the SAML 2.0 card of the Sign On tab, click More details. Then, copy the following credentials and certificate: Sign on URL, Issuer, and Signing Certificate. These will be required for setting up your IdP in the Zilliz Cloud console.

    For more information about Okta settings, refer to the official Okta documentation.

Step 2: Configure SAML SSO on Zilliz Cloud

  1. Log in to the Zilliz Cloud console and go to the organization for which you want to configure SSO.

  2. In the left-side navigation pane, choose Settings.

  3. On the Settings page, find the Single Sign-On (SSO) section and click Configure.

  4. In the Configure Single Sign-On (SSO) dialog, you will see two options: SAML 2.0 and Okta Workforce. For this guide, select SAML 2.0 to proceed with the SAML 2.0 integration.

  5. In the Configure Single Sign-On (SSO) step, enter the IdP settings using the credentials and certificate obtained from Okta in Step 1.

    • Single Sign-On URL: Paste the Sign on URL value obtained from Okta into this field. This is the Okta URL that receives the SAML authentication requests.

    • Entity ID: Paste the Issuer value obtained from Okta into this field. This identifier is used to distinguish the issuer of SAML requests, responses, or assertions, ensuring that messages from Okta are correctly recognized and accepted by Zilliz Cloud.

    • Certificate: Paste the Signing Certificate value obtained from Okta into this field. This public key certificate is used to verify the digital signatures of SAML assertions, enabling Zilliz Cloud to authenticate the source of the SAML data securely.

  6. Click Save to proceed.

Step 3: Update Okta app integration

After saving the Okta integration details on Zilliz Cloud, you'll be provided with a redirect URL:

  1. Copy the provided redirect URL from the Zilliz Cloud console.

  2. Return to the Okta Admin console and navigate to the Zilliz Cloud application you created.

  3. Edit the SAML settings and update the following fields with the redirect URL you copied from Zilliz Cloud:

    • Single sign-on URL

    • Audience Restriction

  4. Save the changes in the Okta Admin Console.

  5. Go back to the Zilliz Cloud console and confirm that you've added the redirect URL in Okta.

You will also see a Zilliz Cloud login URL. Save this URL as it will be used for SSO login once the setup is complete.

Step 4: Assign Okta application to users

Before users can access Zilliz Cloud through SSO, you need to assign the Okta application to them:

  1. In the Okta Admin console, go to Directory > People.

  2. Select a user and go to the Applications tab.

  3. Click Assign Applications and find the Zilliz Cloud application.

  4. Assign the application to the user and save the changes.

Repeat this process for all users who need SSO access to Zilliz Cloud. For more information, refer to the official Okta documentation.

Test configuration

To ensure your SSO setup is functional:

  1. Open a new browser window and navigate to the Zilliz Cloud SSO login URL provided earlier.

  2. You should be redirected to the Okta login page.

  3. Log in using the credentials of a user who has been assigned the Zilliz Cloud application in Okta.

  4. If SSO is configured correctly, you will be redirected to the Zilliz Cloud console after successful authentication.
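If the test login fails, a configuration check like the following can help. It is an added example, not Zilliz Cloud or Okta code: it decodes a captured SAMLResponse and compares its Issuer, Destination, Recipient and Audience with the values set in Steps 2 and 3. The function name, URLs and sample response are constructed placeholders, Okta's default of using the Single sign-on URL for both Recipient and Destination is assumed, and the check does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_saml_response(b64_response, okta_issuer, redirect_url):
    """List mismatches between a captured SAMLResponse and the configured
    values. Diagnostic only: the signature is NOT verified here."""
    xml_bytes = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_bytes)
    problems = []

    def expect(label, actual, wanted):
        if actual != wanted:
            problems.append(f"{label}: got {actual!r}, expected {wanted!r}")

    # Step 2 "Entity ID" must equal the Issuer inside the assertion.
    issuer = root.findtext("saml:Assertion/saml:Issuer", namespaces=NS)
    expect("Issuer", issuer, okta_issuer)
    # Step 3 "Single sign-on URL" appears as Destination and Recipient.
    expect("Destination", root.get("Destination"), redirect_url)
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    expect("Recipient", scd.get("Recipient") if scd is not None else None,
           redirect_url)
    # Step 3 "Audience Restriction" appears as the Audience element.
    audiences = [a.text for a in
                 root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if redirect_url not in audiences:
        problems.append(f"Audience: got {audiences!r}, expected {redirect_url!r}")
    return problems

# Constructed sample: unsigned response skeleton with placeholder values.
REDIRECT = "https://sp.example.com/sso/callback"  # placeholder redirect URL
ISSUER = "https://idp.example.com/issuer"         # placeholder Okta Issuer
SAMPLE = base64.b64encode(f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
 xmlns:saml="{NS['saml']}" Destination="{REDIRECT}">
 <saml:Assertion><saml:Issuer>{ISSUER}</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{REDIRECT}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>placeholder-audience</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>""".encode()).decode()

if __name__ == "__main__":
    for problem in check_saml_response(SAMPLE, ISSUER, REDIRECT):
        print("MISMATCH", problem)
```

The sample models an integration where Audience Restriction still holds its Step 1 placeholder, so the function reports a single Audience mismatch.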

📘Notes

By default, users logging in via SSO are granted the Organization Member role. To expand their permissions, you can modify their roles in the Zilliz Cloud console.

If you encounter any issues during the setup or testing process, please contact Zilliz support for assistance.