NOTEOkta SSO is available for both SaaS and dedicated cloud installations of Datafold.
Create Okta App Integration
INFOCreating an App Integration in Okta may require admin privileges.

- App integration name: A name to identify the integration. We suggest you use
Datafold
. - Grant type: Should be set to
Authorization code
automatically. - Sign-in redirect URI:
The redirect URL should be
https://app.datafold.com/oauth/okta/client_id
, where client_id
is the Client ID of the configuration.CAUTION
You will be given the Client ID after saving the integration and need to come back to update the client ID afterwards.
- Sign-out redirect URIs: Leave this empty.
- Trusted Origins: Leave this empty too.
- Assignments: Select
Skip group assignment for now
. Later you should assign the correct groups and users. - Click “Save” to create the app integration in Okta.

- Edit “General settings”
- Scroll down to the Login section
- Update the Sign-in redirect URI. See above for details.
- Click “Save” to persist the changes.
Set Up Okta-initiated login
TIPOrganization admins will always be able to log in with either password or Okta. Non-admin users will be required to log in through Okta once configured.
- Edit “General settings”
- Set Login initiated by to
Either Okta or App
. - Set Application visibility to
Display application icon to users
. - Set Login flow to
Redirect to app to initiate login (OIDC Compliant)
. - Set Initiate login URI:
https://app.datafold.com/login/sso/client-id?action=desired_action
- Replace
client-id
with the Client ID of the configuration, and - Replace
desired_action
withsignup
if you enabled users auto-creation, orlogin
otherwise.

- Click “Save” to persist the changes.
Configure Okta in Datafold
To finish the configuration, create an Okta integration in Datafold. To complete the integration in Datafold, create a new integration by navigating to Settings → Integrations → SSO → Add new integration → Okta.
- Paste in your Okta Client Id and Client Secret.
- The Metadata Url of Okta OAuth server is
https://<okta-server-name>/.well-known/openid-configuration
, replaceokta-server-name
with the name of your Okta domain. - If you’d like to auto-create users in Datafold that are authorized in Okta, enable the Allow Okta to auto-create users in Organization switch.
- Finally, click Save.
TIPUsers can either be explicitly invited in Datafold by an admin user, using the same email as used in Okta, or they can be auto-created. When the
signup
action is set in the login URI, authenticated users on Okta who have been assigned as a user in Okta of the Datafold application will then be able to login. If that user has not yet been invited, Datafold will then automatically create a user for them, since they’re already authenticated by the Okta server of your domain. The user will then receive an email to confirm their email address.Synchronize state with Datafold [Optional]
This step is essential if you want to ensure that users from your organization are automatically logged out when they are unassigned or deactivated in Okta.- Navigate to Okta Admin panel → Workflow → Event Hooks
- Click Create Event Hook
- Set Name to
Datafold
- Set URL to
https://app.datafold.com/hooks/oauth/okta/<client-id>
- Set Authentication field to
secret
- Go to Datafold and generate a secret token in Settings → Integrations → SSO → Okta. Click the Generate button, copy it by using the Copy button and click Save. Use the pasted code in the Authentication secret field in Okta.

CAUTIONKeep this secret token safe as you won’t be able to see after saving your Integration.
- In Subscribe to events add events:
User suspended
,User deactivated
,Deactivate application
,User unassigned from app
- Click Save & Continue


- If the verification is successful, you have completed the setup.
Testing the Okta integration
- Visit https://app.datafold.com
- Type in your email and wait up to five seconds.
- The Okta button should switch from disabled to enabled.
- Click the Okta login button.
- The browser should be redirected to your Okta domain, authenticate the user there and be redirected back to the Datafold application.
support@datafold.com
.