Skip to main content
Version: User Guides (Cloud)

Single Sign-on with Okta
Public Preview

Single sign-on (SSO) is a feature that allows users to log in to multiple applications or services with a single set of credentials, rather than requiring separate logins for each.

Zilliz Cloud uses Okta as the identity provider (IdP) to enable SSO. Using the SAML 2.0 protocol, this feature works at the organization level. By integrating with Okta, you can sign in using your Okta credentials to access Zilliz Cloud resources.

This topic describes how to enable SSO with Okta.

📘Notes

The SSO feature is currently in Public Preview and available only to users in the whitelist. If you are interested in using this feature, please submit a ticket.

AbFzbkyF8o294XxEXBzchRpsnHc

Before you start​

Before you begin the SSO configuration, make sure the following conditions are met:

  • You are the Organization Owner of the organization where SSO is to be configured.

  • You have Admin access to the Okta console. For more information, refer to Okta official documentation.

Step 1: Initialize setup on Zilliz Cloud​

  1. Log in to the Zilliz Cloud console and go to the organization for which you want to configure SSO.

  2. In the left-side navigation pane, choose Settings.

  3. On the System Settings page, choose Actions > Configure in the Single Sign-On (SSO) area.

  4. In the Configure Single Sign-On (SSO) dialog box, copy the URL in the Zilliz Cloud Redirect URL field. This will be required for setting up your IdP in the Okta console.

Keep this browser tab open. Proceed to step 2 for IdP settings in the Okta console.

sso-1

Step 2: Create an integration in the Okta console​

  1. Log in to the Okta Admin console.

  2. In the left-side navigation pane, choose Applications > Applications.

  3. Click Create App Integration.

  4. In the Create a new app integration dialog box, select SAML 2.0 and click Next.

  5. Set a custom app name and click Next.

  6. In the Configure SAML step, configure SAML settings. The required parameters are as follows:

    • Single sign-on URL: Enter the URL obtained in step 1. This URL is where the SAML assertion is sent via HTTP POST.

    • Audience URI (SP Entity ID): Enter the URL obtained in step 1. This is the identifier that the IdP uses to recognize the Service Provider, which in this case is Zilliz Cloud.

  7. Click Finish. You will be redirected to the application page.

    sso-2-1

  8. In the SAML 2.0 card of the Sign On tab, click More details. Then, copy the following credentials and certificate: Sign on URL, Issuer, and Signing Certificate. This will be required for setting up your IdP in the Zilliz Cloud console.

    For more information about Okta settings, refer to Okta official documentation.

    sso-2-2

Step 3: Configure IdP on Zilliz Cloud​

Go back to the Zilliz Cloud console to complete IdP settings.

  1. In the Configure IdP step, configure IdP settings using the credentials and certificate obtained from Okta in step 2.

    • Single Sign-On URL: Paste the Sign on URL value obtained from Okta into this field. This URL receives the SAML authentication requests from Okta.

    • Entity ID: Paste the Issuer value obtained from Okta into this field. This identifier is used to distinguish the issuer of SAML requests, responses, or assertions, ensuring that messages from Okta are correctly recognized and accepted by Zilliz Cloud.

    • Certificate: Paste the Signing Certificate value obtained from Okta into this field. This public key certificate is used to verify the digital signatures of SAML assertions, enabling Zilliz Cloud to authenticate the source of the SAML data securely.

  2. Click Next to go to the Enable SSO step, complete settings as needed, and then click Save.

    • Enable SSO: decides whether to enable the SSO feature for your organization users. If toggled off, you cannot authenticate users with your IdP.

    • SSO Login URL: customizes the URL used to log in to the Zilliz Cloud console. You can specify an alias as needed. In the Preview section, you can view the custom URL used for SSO login.

  3. In the dialog box that appears, obtain the URL for SSO login.

    📘Notes

    After setup, you can also obtain the SSO Status and Login URL by selecting Settings > Single Sign-On (SSO) on the organization settings page.

sso-3

Step 4: Assign app integration to end user​

Before users can access Zilliz Cloud through the provided SSO login link, you need to make sure that the app is properly set up and assigned to each user.

  1. In the Okta Admin console, choose Directory > People.

  2. On the Applications tab, click Assign Applications.

  3. In the Assign Applications dialog box, find the target application and click Assign. Then, click Done.

  4. In Username, enter the email address of your organization user and click Save and Go Back. Then, this user can access Zilliz Cloud via the SSO login URL.

sso-4

For more information, refer to Okta official documentation.

Test configuration​

To ensure your SSO setup is functional:

  1. Access the SSO login URL using a new browser window. You will be redirected to the Okta login page.

  2. Log in using the user that has been assigned with the Okta application. You will be redirected to the Zilliz Cloud console if SSO is configured correctly.