# How to Set Up SAML Configuration

Both Aviator’s cloud accounts and self-hosted deployments support Google, Okta, Active Directory, or other SAML SSO providers.

## SAML 2.0

Aviator supports SAML 2.0 based authentication. To request SAML authentication for your account, please contact [<mark style="color:blue;">howto@aviator.co</mark>](mailto:howto@aviator.co). See instructions below for Okta. If you have any other identity provider, please contact us for instructions.

### Note for on-prem users

Please replace **app.aviator.co** with **aviator.yourdomain.com** in the instructions below.

### Okta setup

1. Sign into Okta as an administrator.
2. Go to Admin Dashboard > Applications > **Add Application**. If you don't see that option, you might need to switch to the **Classic UI**, using the drop-down in the upper left.
3. Click **Create New App** and choose **SAML 2.0** as the Sign on method.
4. Enter **General Settings** for the application:
   * App name: **Aviator**
   * **App logo** (optional). You can download the application logo from [<mark style="color:blue;">here</mark>](https://api.aviator.co/static/img/aviator_long.png).
5. Log into Aviator and go to the SAML configuration page: [<mark style="color:blue;">https://app.aviator.co/saml/okta/configure</mark>](https://app.aviator.co/saml/okta/configure)
6. Copy the unique **Single sign on URL**, which has the format [<mark style="color:blue;">**https://app.aviator.co/saml/sso/**</mark>](https://app.aviator.co/saml/sso/)**\<sso-key>**

![identity provider setup](https://273246003-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOAPqUQVbLbsfI5YESl32%2Fuploads%2FHZBUZq5B5epEAUXbVlEh%2FScreen%20Shot%202023-02-09%20at%2010.25.39%20AM.png?alt=media\&token=a5a05403-7a7c-4930-8c12-ef64c1665479)

8\. Enter SAML Settings, including:

* Single sign on URL: enter the URL you copied in Step 6
* Audience URI: `mergequeue`
* Default Relay state: \<leave empty>
* Name ID format: `EmailAddress`
* Application username: `Email`

9\. Enter the attribute statements, which will be used to map attributes between Okta and Aviator. Please note that these values are case-sensitive.

![](https://273246003-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOAPqUQVbLbsfI5YESl32%2Fuploads%2F8pfqSyGuJ4FPrk4dL7Vy%2FScreen%20Shot%202022-05-10%20at%2012.07.08%20PM.png?alt=media\&token=78698c73-c17e-43b0-9781-5b5116afad1e)

10\. Click **Next**. Then, set Okta support parameters for the application. Recommended settings:

* I’m an Okta customer adding an internal app
* This is an internal app that we have created.

11\. Click **Finish**. On the next screen, click the **Sign On** tab, go to **SAML Signing Certificates**, and open the **Actions** dropdown for the SHA-2 certificate. Select **View IdP metadata**.

<figure><img src="https://273246003-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOAPqUQVbLbsfI5YESl32%2Fuploads%2FVzbPikD40x3IevKjqtMM%2FScreen%20Shot%202023-02-14%20at%209.36.27%20PM.png?alt=media&#x26;token=440a61be-db13-4440-8155-7e066c0b1996" alt=""><figcaption></figcaption></figure>

12\. Copy the URL of the page that opens; this is your **Metadata URL**. It should typically end with: `/sso/saml/metadata`

13\. Go to the **Assignments** tab, and assign the app to the groups and users who should have access.

14\. Go back to the SAML configuration page ([<mark style="color:blue;">https://app.aviator.co/saml/okta/configure</mark>](https://app.aviator.co/saml/okta/configure)) and update the following properties:

* **Metadata URL**: paste the Metadata URL you copied in step 12
* **Email domains to allow**: enter your company email domain, e.g. [<mark style="color:blue;">**example.com**</mark>](http://example.com)
* Click **Save and Activate**

This should enable the Okta configuration for your organization. Please verify this by logging out and logging in directly from the Okta portal.

Notes:

* This is IdP-initiated authentication, so you can log in directly from the Okta portal.
* It’s also recommended to post an announcement for your users to explain how the migration will work.

Contact [<mark style="color:blue;">support@aviator.co</mark>](mailto:support@aviator.co) if you have any issues with the setup.
