# How to Set Up SAML Configuration Both Aviator’s cloud accounts and self-hosted deployments support Google, Okta, Active Directory, or other SAML SSO providers. ## SAML 2.0 Aviator supports SAML 2.0 based authentication. To request SAML authentication for your account, please contact [howto@aviator.co](mailto:howto@aviator.co). See instructions below for Okta. If you have any other identity provider, please contact us for instructions. ### Note for onprem users Please replace *app.aviator.co* with with **aviator.yourdomain.com** in the instructions below. ### Okta setup 1. Sign into Okta as an administrator. 2. Go to Admin Dashboard > Applications > **Add Application**. If you don't see that option, you might need to switch to the **Classic UI**, using the drop-down in the upper left. 3. Click **Create New App** and choose **SAML 2.0** as the Sign on method. 4. Enter **General Settings** for the application: * App name: **Aviator** * **App logo** (optional). You can download the application logo for the application, you can download one from [here](https://api.aviator.co/static/img/aviator_long.png). 5. Log into Aviator and go to SAML configuration page: [https://app.aviator.co/saml/okta/configure](https://app.aviator.co/saml/okta/configure) 6. Copy the unique **Single Sign on url**, of format: [**https://app.aviator.co/saml/sso/**](https://aviator.yourdomain.com/saml/sso/)**\** ![identity provider setup](/files/pnn1Iq4EtCAPZq9A2TPJ) 8\. Enter SAML Settings, including: * Single sign on URL: enter the URL you copied in Step 6 * Audience URI: `mergequeue` * Default Relay state: \ * Name ID format: `EmailAddress` * Application username: `Email` 9\. Enter the attribute statements, which will be used to map attributes between Okta and Aviator. Please note that these values are case-sensitive. ![](/files/a6yv3jlcOgSwVirMJub4) 10\. Click **Next**. Then, set Okta support parameters for the application. Recommended settings: * I’m an Okta customer adding an internal app * This is an internal app that we have created. 11\. Click **Finish**. On the next screen, click the **Sign On** tab and go to SAML Signing Certificates and select SHA-2 Actions dropdown. Select View IdP metadata.
12\. Copy the url that it opens, this is your **Metadata URL**. It should typically end with: `/sso/saml/metadata` 13\. Go to the **Assignments** tab, and assign the app to the appropriate groups / users to access. 14\. Go back to the SAML configuration page and update the following properties: [https://app.aviator.co/saml/okta/configure](https://app.aviator.co/saml/okta/configure) * **Metadata url**: Paste the Metadata URL copied from step 11 * **Email domains to allow**: enter your company email domain, e.g. [**example.com**](http://example.com) * **Click Save and Activate** This should enable the Okta configuration for your organization. Please verify this by logging out and logging in directly from Okta portal. Notes: * This is idp initiated authentication, so you can login in directly from the Okta portal. * It’s also recommended to post an announcement for your users to explain how the migration will work. Contact: [support@aviator.co](mailto:support@aviator.co) if you have any issues with the setup. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.aviator.co/mergequeue/how-to-guides/saml-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.