Configuring SSO with Okta

This guide walks you through configuring SAML Single Sign-On (SSO) between Okta and StatusDrift. After completing this setup, your team members can authenticate to StatusDrift using their Okta credentials.

Prerequisites

  • An Okta administrator account with permissions to create applications
  • A StatusDrift account with Admin role
  • Access to both the Okta Admin Console and StatusDrift Account Settings

Step 1: Create a SAML Application in StatusDrift

  1. Log in to StatusDrift and navigate to Account Settings
  2. Select the Organization tab
  3. Scroll down to SAML Single Sign-On and click Add SAML Provider
  4. Enter the following details:
    • Alias: okta (or a unique identifier for this connection)
    • Display Name: Sign in with Okta
  5. Click Create & Continue

Step 2: Copy StatusDrift SP Metadata

After creating the SAML application, StatusDrift displays the Service Provider (SP) metadata. You will need these values when configuring Okta:

  • SP Entity ID (Audience URI): Copy this URL
  • Assertion Consumer Service (ACS) URL: Copy this URL
  • Single Logout Service (SLS) URL: Copy this URL (optional)

[Figure: StatusDrift SP metadata showing the Entity ID, ACS URL, and SLS URL needed for your identity provider configuration]

Keep this window open as you will return to it after configuring Okta.

Step 3: Create a SAML Application in Okta

  1. Log in to your Okta Admin Console
  2. Navigate to Applications > Applications
  3. Click Create App Integration
  4. Select SAML 2.0 and click Next
  5. Enter an App name (e.g., “StatusDrift”) and optionally upload a logo
  6. Click Next

Step 4: Configure SAML Settings in Okta

On the Configure SAML page, enter the following settings:

General Settings

  Setting                       Value
  Single sign-on URL            Paste the ACS URL from StatusDrift
  Audience URI (SP Entity ID)   Paste the SP Entity ID from StatusDrift
  Name ID format                EmailAddress
  Application username          Email

Attribute Statements (Optional but Recommended)

Add the following attribute statements to pass user information:

  Name        Value
  email       user.email
  firstName   user.firstName
  lastName    user.lastName

Group Attribute Statements (For Role Mapping)

If you want to automatically assign roles based on Okta groups, add a group attribute statement:

  Name     Filter          Value
  groups   Matches regex   .*

Click Next, then select the appropriate feedback option and click Finish.

Step 5: Get Okta IdP Metadata

  1. In your Okta application, go to the Sign On tab
  2. Scroll down to SAML Signing Certificates
  3. Click View SAML setup instructions or View IdP metadata
  4. Copy the following values:
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer (Entity ID)
    • X.509 Certificate

Step 6: Complete Setup in StatusDrift

  1. Return to the StatusDrift SAML setup wizard
  2. Click Continue to Step 3
  3. Enter the Okta IdP details:
    • IdP Entity ID: Paste the Identity Provider Issuer from Okta
    • IdP SSO URL: Paste the Identity Provider Single Sign-On URL
    • IdP X.509 Certificate: Paste the certificate (including BEGIN/END lines)

[Figure: StatusDrift IdP configuration form, where you enter your identity provider details]

Configure SSO Behavior

  • Allow IdP-Initiated Login: Enable if you want users to start login from Okta
  • Just-In-Time User Provisioning: Enable to auto-create accounts on first login
  • Default Role: Select the role for JIT-provisioned users
  • Group Attribute: Enter “groups” if you configured group statements in Okta
  1. Click Complete Setup

Step 7: Assign Users in Okta

  1. In Okta, go to your StatusDrift application
  2. Click the Assignments tab
  3. Click Assign and select Assign to People or Assign to Groups
  4. Select the users or groups who should have access
  5. Click Save and Go Back

Step 8: Configure Group Mappings in StatusDrift (Optional)

To automatically assign StatusDrift roles based on Okta group membership:

  1. In StatusDrift, go to your SAML provider settings
  2. Click Manage Group Mappings
  3. Click Add Mapping
  4. Enter the Okta group name and select the corresponding StatusDrift role
  5. Set the target type (Organization or Monitor Group)
  6. Save your mappings

[Figure: StatusDrift group mappings interface for configuring group-to-role mappings]

Example Group Mappings

  Okta Group              StatusDrift Role       Target
  StatusDrift-Admins      Admin                  Organization
  StatusDrift-Engineers   Global Editor          Organization
  StatusDrift-Support     Global Communication   Organization
  StatusDrift-Viewers     Global Viewer          Organization

Testing the Integration

  1. Open an incognito/private browser window
  2. Navigate to the StatusDrift login page
  3. Click Sign in with SSO
  4. Enter your organization’s SSO alias (e.g., “okta”)
  5. You should be redirected to Okta for authentication
  6. After successful authentication, you will be redirected back to StatusDrift

Alternatively, if you enabled IdP-initiated login, users can click the StatusDrift app tile in their Okta dashboard.

Troubleshooting

Invalid Audience Error

Ensure the Audience URI in Okta exactly matches the SP Entity ID from StatusDrift, including the protocol (https://).

Certificate Errors

Make sure you copied the entire X.509 certificate including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

User Not Provisioned

If JIT provisioning is disabled, ensure the user has been manually invited to StatusDrift with the same email address used in Okta.

Groups Not Mapping

Verify that:

  • The Group Attribute Statement is configured in Okta
  • The Group Attribute field in StatusDrift matches the attribute name (“groups”)
  • The user is a member of the Okta group being mapped
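
A diagnostic for the Invalid Audience and Groups Not Mapping cases above, added here as an example and not StatusDrift or Okta code. It assumes you have the decoded assertion XML Okta sent, that StatusDrift compares the audience and the group attribute name exactly (case included), and it uses the group names from the example mappings; the sample assertion and its example.test values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample (not captured from Okta or StatusDrift); URL and user are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">ana@example.test</saml:NameID>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>http://sso.example.test/saml/okta</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>StatusDrift-Engineers</saml:AttributeValue>
      <saml:AttributeValue>Everyone</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Group names taken from the Example Group Mappings table.
MAPPED_GROUPS = {"StatusDrift-Admins", "StatusDrift-Engineers",
                 "StatusDrift-Support", "StatusDrift-Viewers"}

def diagnose(assertion_xml, sp_entity_id, group_attribute="groups",
             mapped_groups=MAPPED_GROUPS):
    """Return findings for the troubleshooting cases on this page.
    Diagnostic only: it reads values and does not verify the XML signature."""
    root = ET.fromstring(assertion_xml)
    findings = []
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS)
    if audience != sp_entity_id:  # exact comparison: scheme, case, trailing slash
        findings.append(f"audience mismatch: {audience!r} != {sp_entity_id!r}")
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not EmailAddress")
    attrs = list(root.iterfind(".//saml:Attribute", NS))
    names = [a.get("Name") for a in attrs]
    if group_attribute not in names:
        findings.append(f"no attribute named {group_attribute!r}; got {names}")
    groups = [v.text for a in attrs if a.get("Name") == group_attribute
              for v in a.iterfind("saml:AttributeValue", NS)]
    unmapped = sorted(set(groups) - set(mapped_groups))
    if unmapped:  # sent by the IdP but matching no StatusDrift mapping
        findings.append(f"groups sent without a mapping: {unmapped}")
    return findings
```

With the audience and attribute name corrected, the sample still reports `Everyone` as unmapped: a `.*` group filter sends every Okta group the user belongs to, so a narrower filter limits what StatusDrift receives.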
