SAML SSO and SCIM are available for organizations on Coda's Enterprise plan. This article is intended for org admins who use Okta as their Identify Provider. Below we will walk through the specific steps necessary to set up both SSO and SCIM in Coda. If you use a different Identity Provider, please check out this article instead.
ℹ️ Please note that SSO and SCIM are only available to customers on Coda’s Enterprise plan.
Within this article you’ll find...
Supported features
SAML and SCIM allow org admins to authenticate and provision users in their organization. Within Coda, the following SAML and SCIM features are supported for Okta:
SAML:
IdP-initiated SSO
SP-initiated SSO
Just-In-Time provisioning
SCIM:
Create users
Update user attributes
Deactivate users
Group push
For more information on the listed features, visit the Okta Glossary.
Configure SAML SSO with Okta
The instructions in this article are specific to Okta. If you use a different identity provider, please refer to this article instead.
Part 1: Enable SSO in Coda
The first step to setting up SSO is to enable it for your org on Coda. If you’re an org admin, you can follow the steps below to do so:
Go to coda.io/docs
In the lower left corner, click on More options. Then select Organization settings.
Click into the Authentication tab
Scroll down to the Authenticate with SSO (SAML) option, and toggle this on. Then click Configure SAML.
Click into the SAML provider dropdown, and choose Okta from the list of options.
Copy the Tenant ID value.
Continue on to Part 2 below.
Part 2: Create a new application in Okta
The next part of the process takes place in Okta.
In the Okta Admin Dashboard, find Coda under your applications.
Click into the Sign on tab, then click Edit.
Scroll down to the Advanced Sign-on Settings section, and enter the value of the Tenant ID from previous section into the provided field. Then click Save.
Slightly above the Advanced Sign-On Settings section, you should see a section titled Metadata details. Locate and copy the Metadata URL. You’ll need this URL for part 3.
Part 3: Configure SAML SSO in Coda
Back in the Coda SAML setup dashboard, paste the URL from the step above into the Metadata URL field (found in the From Okta section on the right). Click the Import button.
Sign on URL, Issuer, and Signing certificate will auto-fill. Make any manual edits if needed.
Your SAML configuration for Okta -> Coda is complete. You can start assigning people to the application.
Notes
The following SAML attributes are supported for Okta:
Property | FieldName from Okta |
First name | user.firstName |
Last name | user.lastName |
Service provider-initiated SSO
To initiate SSO from Coda:
Navigate to https://coda.io/signin
Click SSO
Enter your email address and click Continue
Configure SCIM with Okta
Part 1: Enable SCIM in Coda
The first step is to enable SCIM within your Coda organization settings. Note that you must be an Enterprise org admin to follow these steps:
Go to coda.io/docs
In the lower left corner, select More options, then select Organization Settings
Go to the Provisioning tab.
Ensure Provision with SCIM is enabled.
Click Generate New Token. (Note: Only one SCIM token is valid at a time. If SCIM was previously configured, generating a new token invalidates the previous token.)
Note the SCIM Base URL and SCIM Bearer Token. You will need this information later.
Part 2: Configure SCIM in Okta
Next, you’ll need to configure SCIM within Okta:
In Okta, click on the Provisioning tab in your Coda integration app.
Click Configure API Integration.
Check the resulting Enable API Integration checkbox.
Copy the SCIM Base URL from Coda (see the steps in the section above) into the Base URL field.
Copy the SCIM Bearer Token from Coda into the API Token field.
If you want to enable provisioning of groups in Coda, check the Import Groups checkbox. This will allow users in Coda to share with groups of users that you define in Okta.
Click Test API Credentials to verify you have correctly completed these steps.
Finally, click Save to enable provisioning.