Skip to main content
This guide walks through configuring SAML SSO with Okta as your identity provider.
Email addresses in and Tuple must match exactly. For example, dev+tuple@company.com does not match dev@company.com. Verify your team’s email addresses before enabling SSO.
1

Create a SAML app

After signing in to your Okta account, click Applications in the navigation bar and then click Create App Integration.Create App IntegrationSelect SAML 2.0 as the sign-in method.Select SAML 2.0 sign-in method
2

Configure the app

Name the app “Tuple” and upload an icon, which you can download here.General SettingsFill in the following fields:Configure SAMLSingle sign on URL
https://production.tuple.app/users/saml/auth
Audience URI (SP Entity ID)
https://production.tuple.app/users/saml/metadata
There are three additional attributes that Tuple requires: email, first_name, and last_name.
3

Set up SAML in Tuple

After finishing the install wizard, click View SAML Setup Instructions on the Sign On tab.View Setup InstructionsThis provides the metadata needed to configure SAML in Tuple:
  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer URL
  • Downloaded certificate file View certificate
Navigate to the Settings tab of the team management dashboard.
Only team owners can access this page. To find out who your team owner is, check your profile.
Toggle Enable SAML to reveal the configuration form:SAML configuration form in TupleFill in the values with your metadata:Click Save Configuration to enable SAML for your team. Active sessions persist, but new logins are routed through . Log in at production.tuple.app/saml_check/new to verify the configuration.

SCIM provisioning

Okta supports automated user provisioning via SCIM. See SCIM provisioning with Okta for setup instructions.