Okta
Configure SSO on CoreWeave with Okta
To configure CoreWeave SSO using Okta as your identity provider, first create a new SSO configuration on CoreWeave.
On the configuration screen, select Okta from the Your IDP drop-down menu.
.f6b794f.1200.png)
It's recommended to keep the CoreWeave Cloud window open so that you may reference the values provided by CoreWeave during this configuration.
Configure Okta
Navigate to the Okta Admin Console to create a SAML app integration to begin configuring Okta's side of the SSO connection.
General settings
From the SAML integration screen, enter an application name (such as CoreWeave Cloud). Optionally, add an app logo to display in the Okta application menu. Then, click Next.
For more information on Okta's SAML integration fields, refer to Okta's Application Integration Wizard SAML field reference.
.d8b4aa6.1200.png)
Configure SAML
On the following menu, Configure SAML, enter the Single sign-on URL provided in the CoreWeave SSO configuration panel.
What Okta calls the Single-sign on URL is the same as the Assertion Consumer Service (ACS) URL provided in the CoreWeave SSO configuration panel.
Check the box beside "Use this for the Recipient URL and the Destination URL."
The general configuration fields should be set to the following values:
| Field | Value |
|---|---|
| Single sign-on URL | Provided by CoreWeave. (See: Configure the IDP) |
| Audience URI (SP Entity ID) | Provided by CoreWeave. (See: Configure the IDP) |
| Name ID format | Unspecified |
| Application username | Okta username |
| Update applicaton username on | Create and update |
.4932c12.1200.png)
Attribute statements
Next, on the same page, configure the Attribute Statements for the SAML integration. The attribute statements fields should be set to the following:
| Name | Name format | Value |
|---|---|---|
| first_name | Unspecified | user.firstName |
| last_name | Unspecified | user.lastName |
| Unspecified | user.email | |
| login | Unspecified | user.login |
.cd3e68a.1200.png)
The email attribute is what uniquely identifies users.
Identity provider URL, issuer, and X.509 certificate
To acquire the identity provider URL, the IDP Single sign-on URL, and the X.509 certificate, click the View SAML setup instructions button on the right-hand side of the "Configure SAML" page.
.abe29af.1200.png)
This will redirect to a "How to" page, which contains all values for these fields.
.a838f74.1200.png)
The provided values in these fields must be added to their associated fields in the CoreWeave SSO configuration menu.
Feedback
The final portion of the Okta SAML integration is a feedback form for Okta, and may be filled out as you wish - this feedback is used by Okta. Once this section is complete, click Finish.
.ba719ed.1200.png)
Configure CoreWeave SSO
If not already complete, return to the CoreWeave SSO configuration menu to finish setting up and enabling the SSO configuration.