Set up single sign-on (SSO) for Amplitude using Okta

Amplitude provides a single sign-on integration with Okta for customers on Scholarship, Growth, or Enterprise plans.

Before you begin

For some general information about SSO, see our Help Center article on SSO in Amplitude.

In order to set up SSO, you must be an org admin for your Amplitude organization. You must also be able to configure your organization in Okta.

Set up SSO for Amplitude using Okta

To configure SSO for Amplitude using Okta, follow these steps:

1. In Okta, navigate to the admin dashboard and click Applications.
   
2. On the Applications page, click Create App Integration.
   
   
   
3. In the modal that appears, select the SAML 2.0 radio button and click Next.
   
   
   
4. Enter a name for the app. For easier recognition, you can also upload a logo to go with it. Then click Next.
   
   
   
5. Next, you'll configure your SAML settings. Enter the single sign-on URL (ACS URL) and the audience URL (Entity ID) in the appropriate spaces. Then, from the Application username dropdown, select Email.
   
   

You can find the Entity ID and Assertion Consumer Service URL in Amplitude, under Settings > ORG SETTINGS > Access & SSO Settings > Single Sign-On settings.

6. Once the app is created, view the identity provider (IdP) metadata (found on the Sign On tab in Okta).
   
   
   
   

7. Click the metadata to display the XML. Save this as an .xml file (Many browsers allow saving the active page as a file and can use the .xml suffix).
   
   

8. In Amplitude, navigate to Settings > ORG SETTINGS > Access & SSO Setting > Single Sign-On Settings and upload the metadata file, or download it from a URL.
9. Save your changes to enable SSO.