Okta single sign-on (SSO)

This article shows how to configure Okta as the identity provider for Databricks.

Gather required information

  1. Log in to Databricks as an administrator.
  2. Go to the admin console.
  3. Click Single Sign On.
  4. Copy the Databricks SAML URL.

Do not close this browser tab.

Configure Okta

  1. In a new browser tab, log into Okta as an administrator.

  2. In the home page, click Applications > Applications.

  3. Click Create App Integration.

  4. Select SAML 2.0 and click Next.

  5. Set App name to Databricks SSO and click Next.

  6. Configure the application using the following settings:

    Important

    Email addresses in Databricks are case sensitive. Before enabling SSO, verify that email addresses for existing Databricks users match exactly with the email addresses in Okta.

  7. Click Advanced settings. Ensure that Response is set to Signed (the default). Signing the assertion is optional. Do not modify other advanced settings.

    Important

    Assertion encryption must be set to Unencrypted.

  8. Click Hide advanced settings.

  9. Click Next.

  10. Select I’m an Okta customer adding an internal app.

  11. Click Finish. The Databricks SAML app is shown.

  12. Under SAML 2.0 is not configured until you complete the setup instructions, click View Setup Instructions.

  13. Copy the following values:

    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • x.509 certificate

Configure Databricks

  1. Go back to the browser tab for Databricks.
  2. In the admin console, click Single Sign On.
  3. Set Single Sign-On URL to the Identity Provider Single Sign-On URL from Okta.
  4. Set Identity Provider Entity ID to the Identity Provider Issuer from Okta.
  5. Set x.509 Certificate to the x.509 certificate from Okta, including the markers for the beginning and ending of the certificate.
  6. Click Enable SSO.
  7. Optionally, click Allow auto user creation.

Test the configuration

  1. In an incognito browser window, go to your Databricks workspace.
  2. Click Single Sign On. You are redirected to Okta.
  3. Log in to Okta. If SSO is configured correctly, you are redirected to Databricks.

If the test fails, review Troubleshooting.