Please note: this feature is in preview and needs to be activated by Ably for your account. Please contact us if you would like to try it.
SAML single sign-on (SSO) makes it possible for your Ably enterprise account members to authenticate through an identity provider (IdP) of your choice. Different IdP's can support different options and parameters for SAML, so please contact us to confirm your provider is compatible.
If your IdP is Okta, follow these steps to connect your account:
- Login as the owner of the enterprise account for which you want to enable SSO.
- Navigate to the Ably → Account Settings page.
- Scroll down to the Authentication Settings section and toggle on the Enable Single Sign-On option. This will display an SSO settings form. Take note of the Single sign on URL and Audience URI values, as these will be required in the next step.
- Follow the official Okta guide to enable SSO from Okta for the Ably application. Additional notes:
- Upload Ably logo;
- For the Name ID format field, select the EmailAddress option;
- For the Application username field, select the Email option;
- Ably requires users to present their full name. Okta can share user profile fields such as first name and last name values out as SAML attributes.
- Remember to assign users to the newly created Okta application.
- Locate the Identity Provider metadata provided by Okta for the new Ably application and navigate back to the Ably → Account Settings page.
- Complete the form with the provided by Okta values for:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate
- Click on Save authentication settings