Follow our guide to set up single sign-on (SSO) into Fivetran using the Fivetran Okta gallery application.
To set up Okta SSO with Fivetran, you need an Okta SuperAdmin or AppAdmin account and a Fivetran account with the Account Administrator Account role.
Add and configure the Fivetran applicationlink
Log in to your Okta Admin Console and go to Applications - Applications.
Click Browse App Catalog.
Enter Fivetran in the search box.
Select the Fivetran application.
In the General Settings tab of the Add Fivetran page, leave the pre-configured settings unchanged and click Next.
In the Sign-On Options tab on the Add Fivetran page, leave the pre-configured settings unchanged and click Done.
In the Assignments tab on the Fivetran app page, assign the Fivetran app to the users with a Fivetran account.
NOTE: Fivetran supports Just-In-Time (JIT) user provisioning. If you assign users without a Fivetran account, Fivetran will create new accounts for them with the read-only access. You will need to grant the newly created users the relevant role with the corresponding permissions.
Get Sign on URL, Issuer and Public certificatelink
To complete setup in Fivetran, you need the Sign on URL, Issuer and Public certificate. Follow these steps to get them:
In the Sign On tab on the Fivetran app page, click View Setup Instructions.
Make a note of the Sign on URL, Issuer, and Public certificate values. You will need them to configure Fivetran.
NOTE: Your public certificate should not include leading and trailing labels such as
-----END CERTIFICATE-----. Copy only the value between these labels.
TIP: When configuring Single Sign-On with Okta in Fivetran, log in to your Okta account and go the Fivetran app page to be able to copy-paste the values.
NOTE: By default, Fivetran allows Just-In-Time (JIT) user provisioning. If you don’t have a Fivetran user for the specified OneLogin user, the Fivetran user will be created automatically with the read-only access. To grant the newly created user the relevant role with the corresponding permissions, log in as a Fivetran user with the Users: Manage permission and manage the user’s roles and permissions on the Users tab of the Account Management page.
Go to the Settings tab.
Toggle the Enable SAML authentication selector to ON.
Fill the Sign on URL, Issuer and Public certificate fields with the values you noted in Step 2: Get Sign on URL, Issuer and Public certificate.
Click Save Config at the bottom of the settings page. You’ll see Account settings successfully saved.
Testing SSO (Optional)link
IMPORTANT: If you assigned the Fivetran app to a user who doesn’t have a corresponding Fivetran user, you need to grant them write access after they have been automatically provisioned in your Fivetran account.
To test SSO, follow these steps:
- In Okta, log in to the Okta End-User Dashboard as the user you have granted access to.
- Click Fivetran. You will be redirected to your Fivetran dashboard.