Skip to main content
Version: User Guides (Cloud)

OpenID Connect

This topic describes how to configure single sign-on (SSO) with Okta using the OpenID Connect (OIDC) protocol.

OIDC is an authentication protocol built on top of OAuth 2.0. It allows for seamless and secure authentication between Zilliz Cloud and Okta. Choose this option if you're using Okta as your identity provider and want to take advantage of Okta-specific features and potentially simpler setup processes. For details, refer to Okta official documentation.

EfRWwnbKNhcXEwbL7EBcB66inrd

📘Notes

Though the SSO feature is in General Availability, please contact sales for access.

Before you start

Before you begin the SSO configuration, make sure the following conditions are met:

  • You are the Organization Owner of the organization where SSO is to be configured.

  • You have Admin access to the Okta console. For more information, refer to Okta official documentation.

Step 1: Create OIDC app integration in Okta

  1. Log in to the Okta Admin console.

  2. In the left-side navigation pane, choose Applications > Applications.

  3. Click Create App Integration.

  4. In the Create a new app integration dialog box, select OIDC - OpenID Connect as the sign-in method, then select Web Application as the application type. Click Next.

  5. Set up the new Web App integration with the following settings:

    • App integration name: Enter a name for your integration (e.g., Zilliz Cloud).

    • Grant type: Ensure Authorization Code is selected.

    • Sign-in redirect URIs: For now, use any placeholder value. You'll need to update this config later.

    • Controlled access: Choose Skip group assignment for now unless you want to set up specific group access.

  6. Click Save to create the application. Then, you'll be taken to the application's settings page.

  7. Find the Client Credentials section, and copy Client ID and Secret. You'll need these for Step 2 in Zilliz Cloud.

sso-oidc-2

Step 2: Configure Okta Workforce connection on Zilliz Cloud

  1. Log in to the Zilliz Cloud console and go to the organization for which you want to configure SSO.

  2. In the left-side navigation pane, choose Settings.

  3. On the Settings page, find the Single Sign-On (SSO) section and click Configure.

  4. In the Configure Single Sign-On (SSO) dialog, you will see two options - SAML 2.0 and Okta Workforce. For this guide, select Okta Workforce to proceed with the Okta Client integration.

  5. In the Okta Domain field, enter your domain name related to your organization (e.g. yourdomain.okta.com). For steps on how to obtain your domain name, refer to Find your Okta domain.

  6. Paste the Client ID and Secret you copied in Step 1 from the Okta Admin console.

  7. Click Save to proceed.

sso-oidc-1

Step 3: Update Okta app integration

After saving the Okta integration details on Zilliz Cloud, you'll be provided with a redirect URL:

  1. Copy the provided redirect URL from the Zilliz Cloud console.

  2. Return to your Okta Admin console and navigate to the application you've set up for Zilliz Cloud.

  3. In the General Settings area, edit the application settings.

    1. In the Sign-in redirect URIs field, paste the redirect URL you copied from Zilliz Cloud.

    2. Save the changes in the Okta Admin console.

  4. Go back to the Zilliz Cloud console and confirm that you've added the redirect URL in Okta.

You will also see a Zilliz Cloud login URL. Save this URL as it will be used for SSO login once the setup is complete.

sso-oidc-3

Step 4: Assign Okta application to users

Before users can access Zilliz Cloud through SSO, you need to assign the Okta application to them:

  1. In the Okta Admin console, go to Directory > People.

  2. Select a user and go to the Applications tab.

  3. Click Assign Applications and find the Zilliz Cloud application.

  4. Assign the application to the user and save the changes.

Repeat this process for all users who need SSO access to Zilliz Cloud. For more information, refer to Okta official documentation.

sso-4

Test configuration

To ensure your SSO setup is functional:

  1. Open a new browser window and navigate to the Zilliz Cloud SSO login URL provided earlier.

  2. You should be redirected to the Okta login page.

  3. Log in using the credentials of a user who has been assigned the Zilliz Cloud application in Okta.

  4. If SSO is configured correctly, you will be redirected to the Zilliz Cloud console after successful authentication.

📘Notes

By default, users logging in via SSO are granted the Organization Member role. To expand their permissions, you can modify their roles in the Zilliz Cloud console.

If you encounter any issues during the setup or testing process, please contact Zilliz support for assistance.