Setting up Okta SSO for Dagster+#

In this guide, you'll configure Okta to use single sign-on (SSO) with your Dagster+ organization.

Prerequisites#

To complete the steps in this guide, you'll need:

• An existing Okta account
• To install the dagster-cloud CLI
• The following in Dagster+:
  • A Pro plan
  • Access to a user token
  • Organization Admin permissions in your organization

Step 1: Add the Dagster+ app in Okta#

1. Sign in to your Okta Admin Dashboard.

2. Using the sidebar, click Applications > Applications.

3. On the Applications page, click Browse App Catalog.

   

4. On the Browse App Integration Catalog page, search for Dagster+:

   

5. Add and save the application.

Step 2: Configure SSO in Okta#

1. In Okta, open the application and navigate to its General Settings.

2. In the Subdomain field, enter your Dagster+ organization name. This is used to route the SAML response to the correct Dagster+ subdomain.

   In the following example, the organization name is hooli and our Dagster+ domain is https://hooli.dagster.cloud. To configure this correctly, we'd enter hooli into the Subdomain field:

   

3. When finished, click Done.

Step 3: Upload the SAML metadata to Dagster+#

Next, you'll save and upload the application's SAML metadata to Dagster+. This will enable single sign-on.

1. In Okta, navigate to the Dagster+ application.

2. Navigate to Sign On.

3. Click Identity Provider metadata to initiate a download. This will save the SAML metadata file to your computer.

   

4. After you've downloaded the SAML metadata file, upload it to Dagster+ using the dagster-cloud CLI:

   dagster-cloud organization settings saml upload-identity-provider-metadata <path/to/metadata> \
      --api-token=<user_token> \
      --url https://<organization_name>.dagster.cloud
   

Step 4: Grant access to users#

Next, you'll assign users to the Dagster+ application in Okta. This will allow them to log in using their Okta credentials when the single sign-on flow is initiated.

1. In the Dagster+ application, navigate to Assignments.
2. Click Assign > Assign to People.
3. For each user you want to have access to Dagster+, click Assign then Save and Go Back.

Step 5: Test your SSO configuration#

Lastly, you'll test your SSO configuration:

• Service provider (SP)-initiated login
• Identity provider (idP)-initiated login

Testing a service provider-initiated login#

1. Navigate to your Dagster+ sign in page at https://<organization_name>.dagster.cloud

2. Click the Sign in with SSO button.

3. Initiate the login flow and address issues that arise, if any.

Testing an identity provider-initiated login#

In the Okta Applications page, click the Dagster+ icon:

If successful, you'll be automatically signed into your Dagster+ organization.