Follow our guide to set up single sign-on (SSO) into Fivetran using the Fivetran Okta gallery application.
Prerequisiteslink
To set up Okta SSO with Fivetran, you need an Okta SuperAdmin or AppAdmin account and a Fivetran account with the Account Administrator Account role.
In Oktalink
Add and configure the Fivetran applicationlink
-
Log in to your Okta Admin Console and go to Applications - Applications.
-
Click Browse App Catalog.
-
Enter Fivetran in the search box.
-
Select the Fivetran application.
-
Click Add.
-
In the General Settings tab of the Add Fivetran page, leave the pre-configured settings unchanged and click Next.
-
In the Sign-On Options tab on the Add Fivetran page, leave the pre-configured settings unchanged and click Done.
-
In the Assignments tab on the Fivetran app page, assign the Fivetran app to the users with a Fivetran account.
NOTE: Fivetran supports Just-In-Time (JIT) user provisioning. If you assign users without a Fivetran account, Fivetran will create new accounts for them with the read-only access. You will need to grant the newly created users write access to your Fivetran account.
Get Sign on URL, Issuer and Public certificatelink
To complete setup in Fivetran, you need the Sign on URL, Issuer and Public certificate. Follow these steps to get them:
-
In the Sign On tab on the Fivetran app page, click View Setup Instructions.
-
Make a note of the Sign on URL, Issuer, and Public certificate values. You will need them to configure Fivetran.
NOTE: Your public certificate should not include leading and trailing labels such as
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
. Copy only the value between these labels.TIP: When configuring Single Sign-On with Okta in Fivetran, log in to your Okta account and go the Fivetran app page to be able to copy-paste the values.
In Fivetranlink
NOTE: By default, Fivetran allows Just-In-Time (JIT) user provisioning. If you don’t have a Fivetran user for the specified Okta user, the Fivetran user will be created automatically with the read-only access. To grant the newly created user write access to your Fivetran account, log in as the Account Administrator and go to the Account Management page. On the Users tab, manage the user’s permissions.
-
Go to the account management page in your Fivetran dashboard.
-
Go to the Settings tab.
-
Toggle the Enable SAML authentication selector to ON.
-
Fill the Sign on URL, Issuer and Public certificate fields with the values you noted in Step 2: Get Sign on URL, Issuer and Public certificate.
-
Click Save Config at the bottom of the settings page. You’ll see Account settings successfully saved.
Testing SSO (Optional)link
IMPORTANT: If you assigned the Fivetran app to a user who doesn’t have a corresponding Fivetran user, you need to grant them write access after they have been automatically provisioned in your Fivetran account.
To test SSO, follow these steps:
- In Okta, log in to the Okta End-User Dashboard as the user you have granted access to.
- Click Fivetran. You will be redirected to your Fivetran dashboard.