# Okta

* [Enable Okta](#enable-okta)
* [Login via Okta](#login-via-okta)
* [Add Users to e6data via Okta](#add-users-to-e6data-via-okta)
* [Remove Users from e6data via Okta](#remove-users-from-e6data-via-okta)
* [Disable Okta](#disable-okta)

## Enable Okta

1. Navigate to **Access Control > SSO** from the left side menu.
2. Click on **Add Identity Provider**
3. Provide a name for your Identity Provider
4. Select **Okta**&#x20;
5. Click **Next**&#x20;
6. Follow these steps to [create a new SAML app integration](https://help.okta.com/en-us/Content/Topics/Apps/Apps_App_Integration_Wizard_SAML.htm) in Okta.
   1. In Okta, when prompted for a **Single sign-on URL**, copy & paste the **Single sign-on URL** shown on the e6data SSO page.
   2. In Okta, when asked for an **Audience URI (SP Entity ID)**, copy & paste the **Audience URI (SP Entity ID)** shown on the e6data SSO page.
   3. In the **Attribute Statements (optional)** section create the attributes in Okta identical to those shown on the e6data SSO page. [More information on defining attribute statements can be found here.](https://help.okta.com/en-us/Content/Topics/Apps/define-attribute-statements.htm)

{% embed url="<https://www.loom.com/share/0f418073449f456b8dff951b92088792>" %}
How to enable & configure Okta
{% endembed %}

## Login via Okta

Users can log in by:&#x20;

* Clicking the **Single Sign-On (SSO)** button in the e6data platform.
* Using the [Okta end-user dashboard](https://help.okta.com/en-us/Content/Topics/Settings/new-end-user-dashboard.htm).

SuperAdmin will be able to log in using both SSO and username/password authentication.

## Add Users to e6data via Okta

Please follow [this guide from Okta to assign users](https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-assign-apps.htm) to the application created during SSO setup.

Once a user is added to the e6data application they will be able to [log in via the Okta](#login-via-okta) end-user dashboard.

By default, new users are assigned the Viewer role (least privilege). The user's role [should be changed](https://docs.e6data.com/product-documentation/~/revisions/W5MExJCuvHiG1ioEcgOy/access-control/users) by the SuperAdmin or AccessAdmin after the first login.

## Remove Users from e6data via Okta

Please follow [this guide from Okta to remove user access](https://help.okta.com/en-us/Content/Topics/users-groups-profiles/usgp-unassign-apps.htm) to the application created during SSO setup.

## Disable Okta

1. Navigate to **Access Control > SSO** from the left side menu.
2. Toggle **Integrate SSO** to the disabled position.

*<mark style="color:blue;">**Important: When SSO is disabled, each user added using SSO will need to reset their password.**</mark>*

{% embed url="<https://www.loom.com/share/0f418073449f456b8dff951b92088792>" %}
Okta
{% endembed %}