All Collections
Enterprise org administration
Set up SAML SSO & SCIM with Okta
Set up SAML SSO & SCIM with Okta

For Enterprise org admins: Learn how to set up both SAML SSO and SCIM if you use Okta as your identity provider

Updated over a week ago

SAML SSO and SCIM are available for organizations on Coda's Enterprise plan. This article is intended for org admins who use Okta as their Identify Provider. Below we will walk through the specific steps necessary to set up both SSO and SCIM in Coda. If you use a different Identity Provider, please check out this article instead.

ℹ️ Please note that SSO and SCIM are only available to customers on Coda’s Enterprise plan.

Within this article you’ll find...

Supported features

SAML and SCIM allow org admins to authenticate and provision users in their organization. Within Coda, the following SAML and SCIM features are supported for Okta:

  • SAML:

    • IdP-initiated SSO

    • SP-initiated SSO

    • Just-In-Time provisioning

  • SCIM:

    • Create users

    • Update user attributes

    • Deactivate users

    • Group push

For more information on the listed features, visit the Okta Glossary.

Configure SAML SSO with Okta

The instructions in this article are specific to Okta. If you use a different identity provider, please refer to this article instead.

Part 1: Enable SSO in Coda

The first step to setting up SSO is to enable it for your org on Coda. If you’re an org admin, you can follow the steps below to do so:

  1. In the lower left corner, click on More options. Then select Organization settings.

  2. Click into the Authentication tab

  3. Scroll down to the Authenticate with SSO (SAML) option, and toggle this on. Then click Configure SAML.

  4. Click into the SAML provider dropdown, and choose Okta from the list of options.

  5. Copy the Tenant ID value.

  6. Continue on to Part 2 below.

Enable SAML SSO for Okta.gif

Part 2: Create a new application in Okta

The next part of the process takes place in Okta.

  1. In the Okta Admin Dashboard, find Coda under your applications.

  2. Click into the Sign on tab, then click Edit.

  3. Scroll down to the Advanced Sign-on Settings section, and enter the value of the Tenant ID from previous section into the provided field. Then click Save.

  4. Slightly above the Advanced Sign-On Settings section, you should see a section titled Metadata details. Locate and copy the Metadata URL. You’ll need this URL for part 3.

Configure SAML SSO in Okta.gif

Part 3: Configure SAML SSO in Coda

  1. Back in the Coda SAML setup dashboard, paste the URL from the step above into the Metadata URL field (found in the From Okta section on the right). Click the Import button.

    1. Sign on URL, Issuer, and Signing certificate will auto-fill. Make any manual edits if needed.

  2. Your SAML configuration for Okta -> Coda is complete. You can start assigning people to the application.


The following SAML attributes are supported for Okta:


FieldName from Okta

First name


Last name


Service provider-initiated SSO

To initiate SSO from Coda:

  1. Click SSO

  2. Enter your email address and click Continue

Configure SCIM with Okta

Part 1: Enable SCIM in Coda

The first step is to enable SCIM within your Coda organization settings. Note that you must be an Enterprise org admin to follow these steps:

  1. In the lower left corner, select More options, then select Organization Settings

  2. Go to the Provisioning tab.

  3. Ensure Provision with SCIM is enabled.

  4. Click Generate New Token. (Note: Only one SCIM token is valid at a time. If SCIM was previously configured, generating a new token invalidates the previous token.)

  5. Note the SCIM Base URL and SCIM Bearer Token. You will need this information later.

Ent enable SCIM.gif

Part 2: Configure SCIM in Okta

Next, you’ll need to configure SCIM within Okta:

  1. In Okta, click on the Provisioning tab in your Coda integration app.

  2. Click Configure API Integration.

  3. Check the resulting Enable API Integration checkbox.

  4. Copy the SCIM Base URL from Coda (see the steps in the section above) into the Base URL field.

  5. Copy the SCIM Bearer Token from Coda into the API Token field.

  6. If you want to enable provisioning of groups in Coda, check the Import Groups checkbox. This will allow users in Coda to share with groups of users that you define in Okta.

  7. Click Test API Credentials to verify you have correctly completed these steps.

  8. Finally, click Save to enable provisioning.

Configure SCIM in Okta.gif

Related resources

Did this answer your question?