Single sign-on with Okta
This page shows you how to set up Pinecone with Okta as the single sign-on (SSO) provider.
Before you begin
This page assumes you have the following:
- Access to your organization’s Pinecone console as an organization owner.
- Access to your organization’s Okta Admin Console.
1. Create an app integration in Okta
-
In the Okta Admin Console, navigate to Applications > Applications.
-
Click Create App Integrations.
-
Select SAML 2.0.
-
Click Next.
-
Enter the General Settings:
- App name:
Pinecone
- App logo (optional)
- App name:
-
Click Next.
-
Enter the SAML Settings. For now, use placeholder values:
- Single sign-on URL:
https:changeme.com
- Audience URI (SP Entity ID):
urn:auth0:production-v2-pinecone-io:changeme
- Name ID format:
Unspecified
- Application username:
Okta username
- Update application username on:
Create and update
The placeholder values will be updated once the SSO keys are created.
- Single sign-on URL:
-
Click Finish.
2. Get the application sign on URL
-
In a separate window, navigate to Applications > Pinecone > Sign On.
-
Click More details.
-
Copy the Sign on URL.
You will enter this URL in Step 4.
3. Generate the SAML signing certificate
-
In Applications > Pinecone > Sign On, click Generate new certificate.
-
For the new certification, click Actions > Download certificate.
You will need to enter this certificate value in Step 4.
4. Enable SSO in Pinecone
-
Back in the Pinecone console, navigate to Settings > Account.
-
In the Single Sign-On section, click Enable SSO.
-
In the Login URL field, enter the URL copied in Step 2.
-
In the Email domain field, enter your company’s email domain.
-
In the Certificate field, enter the certificate value downloaded in Step 3.
Be sure to enter all of the certificate value, including the--BEGIN--
and--END--
tags. -
Click Enable SSO.
SSO Keys displays. You will need to enter these values in Step 5.
5. Update the SAML settings in Okta
-
Back in the Okta Admin Console, navigate to Application Settings > Applications > General.
-
In the SAML Settings section, click Edit.
-
Replace the placeholder values with the information from the SSO Keys section in Step 4:
- Single sign-on URL: Enter the AssertionConsumerServiceLocation value.
- Audience URI (SP Entity ID): Enter the entityId value.
- Name ID format:
EmailAddress
-
In the Attribute Statements section, enter the following:
- Name:
email
- Value:
user.email
- Name:
-
Click Next.
-
Click Finish.
Okta is now ready to be used for single sign-on. Follow the Okta docs to learn how to add users and groups.
Was this page helpful?