# Okta SAML setup instructions Connect your Okta organization with Better Stack to enable single sign-on (SSO) for you and your colleagues. ## Supported features - IdP-initiated SSO - SP-initiated SSO - Just-in-Time provisioning ## Configuration steps ### In Better Stack 1. Go to [Single Sign-On settings](https://betterstack.com/settings/sso ";_blank") and click **Connect** in the **Okta SSO** section. 2. Copy the **Integration ID**. You will need it in a moment. ### In Okta 1. Sign in to your Okta organization. 2. Go to **Applications** → **Applications**. 3. Click **Browse App Catalog** and search for **Better Stack**. 4. Click **Add integration**, then **Done** to create the integration. 5. Go to the **Sign on** tab and click **Edit** next to **Settings**. 6. Scroll to **Advanced Sign-on Settings** and enter the **Integration ID** from Better Stack. 7. Click **Save**. 8. In the **Assignments** tab, assign your user account to the Better Stack application. You won't be able to finish the setup otherwise. 9. Return to the **Sign on** tab. 10. Go to **SAML Signing Certificates**, open the dropdown for the **SHA-2** certificate, and click **View IdP Metadata**. 11. Copy the metadata link. ### In Better Stack 1. Paste the metadata link into the corresponding field in your Better Stack SSO settings. Alternatively, you can enter the **Identity Provider Single Sign-On URL** and **X.509 Certificate** manually. 2. Click **Connect**. You will be redirected to Okta to sign in. Your Single Sign-On is now configured. 🎉 ## Optional: Just-in-time provisioning (JIT) 1. Go to [Teams](https://betterstack.com/settings/teams ";_blank"). 2. Click the three dots on the desired team and select **Configure**. 3. Add your email domain to **Pre-approved domains**. 4. Click **Save changes**. ## Optional: SP-initiated SSO The Okta Single Sign-On URL is available in your [Single Sign-On settings](https://betterstack.com/settings/sso ";_blank") under **Sign in URL**. The URL can also be constructed as follows: `https://betterstack.com/users/sign-in/sso/okta/[integrationId]`