Please note: this feature is in alpha and needs to be activated by Ably for your account. Please contact us if you would like to try it. 


SAML single sign-on (SSO) makes it possible for your Ably enterprise account members to authenticate through an identity provider (IdP) of your choice. To get started, you’ll need to set up a connection with your IdP.


Follow these steps to connect your account with Okta:

  1. Login as the owner of the enterprise account for which you want to enable SSO.
  2. Navigate to the Ably → Account Settings page.
  3. Scroll down to the Authentication Settings section and toggle on the Enable Single Sign-On? option. An SSO settings form is displayed. Take note of the Single sign on URL and Audience URI values as these will be required in the next step.
  4. Follow the official Okta guideto enable SSO from Okta for the Ably application. Additional notes:
    1. Upload Ably logo;
    2. For the Name ID format field select the EmailAddress option;
    3. For the Application username field select the Email option;
    4. Ably requires users to present their full name. Okta can share user profile fields such as first name and last name values out as SAML attributes:
  5. Remember to assign users to the newly created Okta application.
  6. Locate the Identity Provider metadata provided by Okta for the new Ably application and navigate back to the Ably → Account Settings page.
  7. Complete the form with the provided by Okta values for:
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate
  8. Click on Save authentication settings