Okta Single Sign-On

Okta is a cloud-based identity and access management platform that supports
SAML 2.0, OpenID Connect, and OAuth 2.0. You can use Okta as a SAML 2.0 Identity Provider to bring
your Okta users into Uptrace.

Single Sign-On allows you to manage users using SAML providers. After logging in, such users are
automatically added to a team and can access team projects. When users are removed from Okta, they
automatically lose granted access in Uptrace.

Step 1. Create SAML SSO in Uptrace

  1. In Uptrace, go to Organization -> Single Sign-On
  2. Click New SSO -> New SAML
  3. Fill out the form:
    • Domain: your unique domain name (can be any string; it will be used later during the sign-in
      process)
    • User team: select the team that will be automatically assigned to new users
    • User role: select the role that will be automatically assigned to new users

Uptrace SAML

  4. Click Create and you will be presented with the service provider information required to
    configure Okta

Uptrace service provider

Leave this form open — you will need to enter the Metadata URL from Okta to finish the setup.

Step 2. Create an app integration in Okta

  1. In Okta, go to Applications and click Create App Integration
  2. In the dialog window, select SAML 2.0 and click Next

Okta new app

  3. In the General Settings tab, use Uptrace as the app name and click Next

Okta general settings

Step 3. Configure SAML settings

  1. In the Configure SAML tab, use the service provider information you received from Uptrace in
    Step 1 to fill in the Single sign-on URL and Audience URI (SP Entity ID) fields

Okta SAML settings

  2. On the same page, scroll down to Attribute Statements and add the following attributes:

Okta Attributes

  3. Click Next to go to the feedback page. Select the appropriate option and click Finish

Okta Feedback

Step 4. Get metadata URL

  1. You should land on the Sign On tab for your new application
  2. Find and copy the Metadata URL — you will need it to finish configuring Uptrace

Okta Metadata URL

Step 5. Finish configuring Uptrace

  1. Go back to the SAML SSO form you left open in Step 1
  2. Enter the Metadata URL you copied from Okta in Step 4
  3. Click Save

Uptrace metadata URL

You can now log in to Uptrace using Okta by opening
https://uptrace.dev/auth/sso/<your-domain>.

Troubleshooting

Metadata URL not accessible — Uptrace needs to fetch the metadata URL from Okta to obtain the
SAML certificate and endpoints. Make sure the URL is reachable from the Uptrace host.

Attribute statements missing — Uptrace requires email and name attributes from the SAML
assertion. Make sure you configured the attribute statements as described in Step 3.

User has no email — Uptrace requires an email address for SSO users. Make sure the Okta user has
an email configured in their profile.
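
To check the "Metadata URL not accessible" case from the Uptrace host, the script below fetches the metadata and confirms it carries what Uptrace reads from it: a certificate and a sign-on endpoint. It is an added example, not part of Uptrace or Okta; the function names, the HTTPS-only rule and the embedded sample metadata (placeholder host, entity ID and certificate bytes) are assumptions made for illustration.

```python
import base64, hashlib, sys, urllib.request
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample metadata: the host, entity ID and certificate bytes are placeholders.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://idp.example.com/constructed-entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/app/constructed/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fetch_metadata(url, timeout=10):
    """Fetch the metadata document; refuses plain HTTP (assumed policy of this example)."""
    if not url.lower().startswith("https://"):
        raise ValueError("metadata URL must use https")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()

def check_metadata(xml_bytes):
    """Return the entity ID, SSO endpoints, certificate fingerprints and any problems."""
    # SAML metadata has no reason to carry a DTD, so reject one before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    endpoints, certs, problems = {}, [], []
    if idp is None:
        problems.append("no IDPSSODescriptor: this is not IdP metadata")
    else:
        for sso in idp.findall("md:SingleSignOnService", NS):
            endpoints[sso.get("Binding", "").rsplit(":", 1)[-1]] = sso.get("Location", "")
        for cert in idp.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            certs.append(hashlib.sha256(der).hexdigest())  # SHA-256 of the decoded bytes
        if not endpoints:
            problems.append("no SingleSignOnService endpoint")
        if not certs:
            problems.append("no certificate in KeyDescriptor")
        problems += [f"non-HTTPS endpoint: {u}" for u in endpoints.values()
                     if not u.startswith("https://")]
    return {"entity_id": root.get("entityID"), "endpoints": endpoints,
            "cert_sha256": certs, "problems": problems}

if __name__ == "__main__":
    data = fetch_metadata(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(check_metadata(data))
```

Run it on the Uptrace host with the Metadata URL as the only argument; with no argument it parses the embedded sample.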