Requirements

  • You will need to be the Admin of the Statsig Organization you intend to add SSO with Okta to.
  • You will need to be the Administrator of the Okta account you want to link.

Supported Features

Statsig supports the OIDC protocol for SSO with the following flows:
  • Service Provider (SP)-Initiated Authentication for Single Sign-On (SSO). This flow starts when a user logs in on the Statsig website.
  • Identity Provider (IdP)-Initiated Authentication for SSO. This flow starts when a user launches the Statsig App from Okta.
  • Just-In-Time (JIT) provisioning for SSO. Upon successful login for the first time, Statsig automatically provisions an account for the user.

Configuration

Adding the Statsig OIDC Application in Okta

  1. Navigate to your Okta portal.
  2. In your Okta portal, click Applications in the left-hand column, then click Applications in the dropdown.
  3. On the Applications page, click on the Browse App Catalog button.
  4. On the App Catalog page, use the search box to search for Statsig and click on the Statsig OIDC Application.
  5. In the Statsig Application, click on the Add button.
  6. After creating the Statsig OIDC Application in Okta, navigate to the Sign On tab in the Application and note the Client ID and Client Secret fields. You will need both to enable Single Sign-On with OIDC on the Statsig Project. The sign-in and sign-out redirect URIs are configured automatically when you add the Statsig OIDC Application in Okta.

Once these steps have been completed, the Statsig OIDC Application in Okta has been successfully configured. Next, you will need to follow the steps here to enable configuration of SSO on your Statsig Organization.

SP-Initiated SSO

  1. Navigate to https://console.statsig.com/sso
  2. Enter your email address and click on “Authenticate”
  3. You will be redirected to authenticate with Okta. If prompted, enter your Okta credentials.
  4. Upon successful authentication, you will be redirected and logged in to Statsig.

Proof Key for Code Exchange (PKCE)

Statsig does not currently support the PKCE flow, so you will need to turn PKCE off in Okta when you enable SSO with Statsig.
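
A configuration check for the setup described on this page, added here as an example (it is not Statsig's or Okta's own code): it audits an exported application object for PKCE being off, client-secret authentication, and fixed HTTPS redirect URIs. It assumes the catalog app exports in the shape of Okta's Apps API OIDC application object (`credentials.oauthClient`, `settings.oauthClient`); the function name and all sample values are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed sample shaped like an Okta Apps API OIDC application object.
# All values are placeholders, not Statsig's real client ID or redirect URIs.
SAMPLE_APP = json.loads("""
{
  "label": "Statsig",
  "signOnMode": "OPENID_CONNECT",
  "credentials": {"oauthClient": {
    "client_id": "0oaEXAMPLEPLACEHOLDER",
    "token_endpoint_auth_method": "client_secret_basic",
    "pkce_required": false}},
  "settings": {"oauthClient": {
    "redirect_uris": ["https://sp.example.invalid/callback"],
    "post_logout_redirect_uris": ["https://sp.example.invalid/logout"]}}
}
""")

SECRET_AUTH_METHODS = {"client_secret_basic", "client_secret_post"}


def audit_oidc_app(app):
    """Return findings where the app differs from the setup this page describes."""
    findings = []
    creds = app.get("credentials", {}).get("oauthClient", {})
    settings = app.get("settings", {}).get("oauthClient", {})
    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("signOnMode is not OPENID_CONNECT")
    # The page requires PKCE to be off; a missing key is flagged for manual review.
    if creds.get("pkce_required") is not False:
        findings.append("pkce_required is not explicitly false")
    # Without PKCE, the client secret is what authenticates the code exchange.
    if creds.get("token_endpoint_auth_method") not in SECRET_AUTH_METHODS:
        findings.append("token endpoint is not authenticated with a client secret")
    # Redirect URIs decide where codes and sessions land: fixed https only.
    for key in ("redirect_uris", "post_logout_redirect_uris"):
        for uri in settings.get(key, []):
            parsed = urlparse(uri)
            if parsed.scheme != "https" or not parsed.hostname or "*" in uri:
                findings.append(f"{key}: {uri!r} is not a fixed https URI")
    return findings


if __name__ == "__main__":
    for finding in audit_oidc_app(SAMPLE_APP) or ["no findings"]:
        print(finding)
```

Because the Client Secret is the only client-side protection on the code exchange once PKCE is off, store it in a secrets manager and rotate it if it is ever exposed.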