Setting up Okta SSO for Dagster Cloud#

This guide is applicable to Dagster Cloud.

In this guide, you'll configure Okta to use single sign-on (SSO) with your Dagster Cloud organization.


Prerequisites#

To complete the steps in this guide, you'll need:


Step 1: Add the Dagster Cloud app in Okta#

  1. Sign in to your Okta Admin Dashboard.

  2. Using the sidebar, click Applications > Applications.

  3. On the Applications page, click Browse App Catalog.

    Okta Browse App Catalog
  4. On the Browse App Integration Catalog page, search for Dagster Cloud:

    Okta App Integration Catalog
  5. Add and save the application.


Step 2: Configure SSO in Okta#

  1. In Okta, open the application and navigate to its General Settings.

  2. In the Subdomain field, enter your Dagster Cloud organization name. This is used to route the SAML response to the correct Dagster Cloud subdomain.

    In the following example, the organization name is hooli and our Dagster Cloud domain is https://hooli.dagster.cloud. To configure this correctly, we'd enter hooli into the Subdomain field:

    Okta Subdomain Configuration
  3. When finished, click Done.


Step 3: Upload the SAML metadata to Dagster Cloud#

Next, you'll save and upload the application's SAML metadata to Dagster Cloud. This will enable single sign-on.

  1. In Okta, navigate to the Dagster Cloud application.

  2. Navigate to Sign On.

  3. Click Identity Provider metadata to initiate a download. This will save the SAML metadata file to your computer.

    Okta Save Identity Provider Metadata
  4. After you've downloaded the SAML metadata file, upload it to Dagster Cloud using the dagster-cloud CLI:

    dagster-cloud organization settings saml upload-identity-provider-metadata <path/to/metadata> \
       --api-token=<user_token> \
       --url https://<organization_name>.dagster.cloud
    

Step 4: Grant access to users#

Next, you'll assign users to the Dagster Cloud application in Okta. This will allow them to log in using their Okta credentials with the sign in flow is initiated.

  1. In the Dagster Cloud application, navigate to Assignments.
  2. Click Assign > Assign to People.
  3. For each user you want to have access to Dagster Cloud, click Assign then Save and Go Back.

Step 5: Test your SSO configuration#

Lastly, you'll test your SSO configuration:

Testing a service provider-initiated login#

  1. Navigate to your Dagster Cloud sign in page at https://<organization_name>.dagster.cloud

  2. Click the Sign in with SSO button.

  3. Initiate the login flow and address issues that arise, if any.

Testing an identity provider-initiated login#

In the Okta Applications page, click the Dagster Cloud icon:

Okta idP Login

If successful, you'll be automatically signed into your Dagster Cloud organization.