# Okta SAML Integration

SAML (Security Assertion Markup Language) is an open standard for exchanging security information and providing single sign-on (SSO) between 2 parties: an identity provider (IdP) and a service provider (SP).

This document walks you through setting up SAML-based authentication between DeltaStream (SP) and [Okta (IdP)](https://developer.okta.com/docs/concepts/saml/).

Find the Okta documentation for configuring the SAML integration at <https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_saml.htm>

### Initial Okta Setup

1. Log into your Okta dashboard. Then from the applications menu click **Create App Integration**.

<figure><img src="https://1288764042-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fdbd9e6ZJodkgF1H6AVay%2Fuploads%2Fgit-blob-f98942e8bcf9c3a4584b0ff0bdfc99237ed0019e%2F0.%20new%20app%20integration.png?alt=media" alt="" width="375"><figcaption><p>New app integration</p></figcaption></figure>

2. For the sign-in method, click **SAML 2.0** and then click **Next**.

<figure><img src="https://1288764042-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fdbd9e6ZJodkgF1H6AVay%2Fuploads%2Fgit-blob-1242f3ddf0ea2e301fbceeee7c43fe7364f90315%2F1.%20create%20new%20app%20integration.png?alt=media" alt="" width="375"><figcaption><p>SAML 2.0</p></figcaption></figure>

3. Update the **General Settings** for the DeltaStream app integration. Optionally, also set up the [DeltaStream Logo](http://deltastream-static-assets.s3-website-us-west-2.amazonaws.com/LogoVertical.png) for your application.

<figure><img src="https://1288764042-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fdbd9e6ZJodkgF1H6AVay%2Fuploads%2Fgit-blob-db92796f31e998b7ed67dbbe0179f20ac21e40dd%2F2.%20create%20saml%20integration%20-%20general%20settings.png?alt=media" alt="" width="375"><figcaption></figcaption></figure>

4. Set up the SAML integration with the following values:

{% hint style="warning" %}
**Important** You must retain the default values for any setting not mentioned below.
{% endhint %}

#### General settings

<table><thead><tr><th width="256">Field</th><th>Value</th></tr></thead><tbody><tr><td>Single sign-on URL</td><td><code>https://auth.deltastream.io/login/callback?connection=ds-okta-saml-placeholder</code></td></tr><tr><td>Audience URI</td><td><code>urn:auth0:deltastream:ds-okta-saml-placeholder</code></td></tr><tr><td>Name ID format</td><td><code>EmailAddress</code></td></tr><tr><td>Application Username</td><td><code>Email</code></td></tr><tr><td>Update application username on</td><td><code>Create and update</code></td></tr></tbody></table>

#### Attribute Statements

Click **Add another** and add the following mappings:

<table><thead><tr><th width="256">Name</th><th width="137">Name format</th><th>Value</th></tr></thead><tbody><tr><td>email</td><td>Basic</td><td><code>user.email</code></td></tr><tr><td>firstName</td><td>Basic</td><td><code>user.firstName</code></td></tr><tr><td>lastName</td><td>Basic</td><td><code>user.lastName</code></td></tr></tbody></table>

The screenshot below provides a visual reference. Enter the required values and then click **Next**.

<div align="center"><figure><img src="https://1288764042-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fdbd9e6ZJodkgF1H6AVay%2Fuploads%2Fgit-blob-d15da6b7b6cad0d1cc5eec03ae60967552c6216f%2F3.%20create%20saml%20integration%20-%20configure%20saml.png?alt=media" alt="" width="375"><figcaption></figcaption></figure></div>

5. Contact DeltaStream at [ops@deltastream.io](mailto:ops@deltastream.io) and provide the following information:

* Your company's name
* Your company's email domain
* First Org admin's email address (you can add more later)
* SAML 2.0 Metadata URL

Find the Metadata URL on the SAML application's `Sign On` tab. Do not use values from the `General` tab.

### Complete Okta Setup

After the integration is complete, DeltaStream provides you with the final **Audience URI**, which you must update in Okta. To do this:

1. Log into your Okta dashboard. Then, from the **applications** menu, click **DeltaStream**.

<figure><img src="https://1288764042-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fdbd9e6ZJodkgF1H6AVay%2Fuploads%2Fgit-blob-feb075add902ebf229460512b71f4e1eaea5eebb%2F5.%20select%20deltastream%20app%20integration.png?alt=media" alt="" width="375"><figcaption></figcaption></figure>

2. Click to activate the **General** tab. Then, for **SAML Settings**, click **Edit**.

<figure><img src="https://1288764042-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fdbd9e6ZJodkgF1H6AVay%2Fuploads%2Fgit-blob-37acac394894d5566e2bca911e28a2326c84eb67%2F6.%20edit%20saml%20settings.png?alt=media" alt="" width="371"><figcaption></figcaption></figure>

3. On the **General Settings** page, click **Next**.

<figure><img src="https://1288764042-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fdbd9e6ZJodkgF1H6AVay%2Fuploads%2Fgit-blob-0837320a465e845d3d8cf1db7719c35ffd5a28a8%2F7.%20edit%20saml%20settings%20-%20general%20settings.png?alt=media" alt="" width="375"><figcaption></figcaption></figure>

4. Update the **Single sign-on URL** with the value DeltaStream provides you.
5. Update the **Audience URI (SP Entity ID)** with the value DeltaStream provides you.
6. Click **Next** and **Finish** to complete editing the Okta integration.
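
A check you can run after finishing the steps above, as an added example that is not part of DeltaStream's or Okta's documentation: it compares a decoded SAML response from a test sign-in against the settings in the tables on this page. The function names and the sample response are constructed; the expected values are the page's placeholders, and the format URIs are the standard SAML identifiers for the `EmailAddress` Name ID format and the `Basic` attribute name format.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
# Placeholder values from the tables on this page; replace with the final ones.
EXPECTED = {
    "acs": "https://auth.deltastream.io/login/callback?connection=ds-okta-saml-placeholder",
    "audience": "urn:auth0:deltastream:ds-okta-saml-placeholder",
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "attributes": ("email", "firstName", "lastName"),
}

def check_response(xml_text, expected=EXPECTED):
    """List mismatches between a decoded SAML response and the settings above.
    Configuration check only: it does not verify signatures or timestamps."""
    root = ET.fromstring(xml_text)  # parse only a response from your own test login
    problems = []
    if root.get("Destination") != expected["acs"]:
        problems.append("Destination differs from Single sign-on URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected["acs"]:
        problems.append("Recipient differs from Single sign-on URL")
    audiences = [e.text for e in root.findall(".//a:Audience", NS)]
    if expected["audience"] not in audiences:
        problems.append("Audience URI not present")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != expected["nameid_format"]:
        problems.append("Name ID format is not EmailAddress")
    attrs = {a.get("Name"): a for a in root.findall(".//a:Attribute", NS)}
    for name in expected["attributes"]:
        if name not in attrs:
            problems.append(f"missing attribute statement: {name}")
        elif attrs[name].get("NameFormat") != BASIC:
            problems.append(f"attribute {name} name format is not Basic")
    return problems

# Constructed sample response (unsigned, trimmed), parameterised for the demo.
def sample(audience=EXPECTED["audience"], attrs=EXPECTED["attributes"]):
    stmts = "".join(f'<a:Attribute Name="{n}" NameFormat="{BASIC}">'
                    f'<a:AttributeValue>x</a:AttributeValue></a:Attribute>' for n in attrs)
    acs = EXPECTED["acs"]  # contains no XML-special characters
    return (f'<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'xmlns:a="{NS["a"]}" Destination="{acs}"><a:Assertion><a:Subject>'
            f'<a:NameID Format="{EXPECTED["nameid_format"]}">user@example.com</a:NameID>'
            f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/>'
            f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
            f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{stmts}</a:AttributeStatement></a:Assertion></p:Response>')

if __name__ == "__main__":
    print(check_response(sample()) or "matches the configured values")
```

An empty list means the response carries the configured Single sign-on URL, Audience URI, Name ID format and attribute statements; any entry names the setting to recheck in Okta.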

## References

* <https://help.okta.com/en-us/content/topics/provisioning/lcm/con-okta-prov.htm>
* <https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_saml.htm>

