Skip to main content

Configure your SSO provider

Customers on the Enterprise plan may use Okta instead of Google as the SSO provider for their workspace.

Configure Okta SSO

To use Okta with Modelbit you must be on an Enterprise plan. Enabling Okta for your workspace requires the following one-time setup from your Okta administrator:

Begin in Modelbit, in Settings (click the gear icon in the header), then click the Okta toggle under SSO Providers. The first step in the setup wizard will direct you here, to set up a new application for Modelbit at okta.com:

  1. At okta.com, in the left menu, click Applications, then click Applications that appears in the sub-menu.
  2. Then click Create App Integration
  3. Choose OIDC - OpenID Connect then choose Web Application and click Next.

To complete creating the Okta Application, complete the form:

  1. Application Name: Modelbit
  2. Logo: Upload https://doc.modelbit.com/img/modelbit-logo.png
  3. Ignore Sign-in redirect URIs for now. We'll update this value after configuring Modelbit with this Okta application.
  4. Sign-out redirect URIs: https://app.modelbit.com/
  5. Assignments: Choose Allow everyone or the limited groups, depending on your IT policies. Click Save.

Proceed to the next step in Modelbit's SSO Wizard and copy Client ID, Client Secret and your Issuer (Okta Domain) from Okta into Modelbit's form. You can copy your Okta Domain from the URL bar of your web browser. Then click Next.

Finally, configure the Sign-in redirect URI in the Okta application.

  1. Copy the value from the last step of Modelbit's setup wizard.
  2. Click Edit under General Settings in the Okta Application
  3. Paste over the temporary value in Sign-in redirect URIs
  4. Click Save in the Okta Application
  5. Click Finish in Modelbit

Your workspace is now configured to authenticate users with Okta!

Testing Okta SSO

To ensure you can rejoin your Modelbit workspace with your new Okta-authenticated user, in Settings:

  1. Ensure the Automatically add new <your-company>.com users toggle is enabled, OR
  2. Invite your Okta user's email to the workspace using the Invite user form

If you just configured Okta, you're probably logged in with your Google-authenticated user account. Sign out of Modelbit and return to https://app.modelbit.com/

  1. Click Or sign in with Okta
  2. Enter your workspace's name, and click Sign in

You'll be redirected through Okta and back to Modelbit, and you'll be logged in using your Okta-authenticated account. You can log in with Google or Okta while testing your SSO configuration.

Removing Google SSO

Modelbit supports multiple SSO providers per-workspace. The default SSO provider for every workspace is Google. If you just enabled Okta you may want to disable Google so that only users authenticating through Okta are allowed into the workspace.

In Modelbit's Settings page you can see which users are authenticated with Google vs. Okta. To disable Google as an SSO provider for your workspace:

  1. Log in to Modelbit with your Okta user by visiting https://app.modelbit.com/ and clicking Or sign in with Okta.
  2. Open Settings, and click the toggle next to Google
  3. Confirm Disable Google in the dialog that appears

Any workspace users currently authenticated with Google will be logged out of the workspace and their email addresses moved to Pending Invitations. When those users log in with Okta they will automatically rejoin this workspace as Okta-authenticate users.

Please inform your users to log into Modelbit with Okta instead of Google going forward.