# Set up Okta SAML-based SSO

Superusers can configure single sign-on to the Rumble Console using an external SAML identity provider (IdP), such as Okta, which enables authentication and user access control to the Rumble Console without typing in credentials.

Here are the high-level steps to set up single sign-on (SSO) using Okta to authenticate and manage user access to Rumble:

### Requirements

Before you can set up Okta SAML:

• Verify that you have administrator privileges for Okta.
• Verify that you are a superuser in Rumble. Look for the yellow star in your account status.

### Step 1: Add and configure Rumble as an Okta app

1. Go to Okta > Applications > Create App Integration. When the Create a new app integration window appears, select SAML 2.0 for your sign-in method.
2. For the general settings, you’ll need to provide a name for the app. Call the app Rumble. You can also add a logo to make it easier for users to identify the Rumble app.
3. For the SAML settings, you’ll need to go to the service provider information page in Rumble to find the relevant URLs.
• Single sign on URL - In Rumble, this is the assertion consumer service (ACS) URL.
• Audience URI or SIP Entity ID - In Rumble, the entity ID, or SAML audience, will be console.rumble.run.
4. For the remaining settings, like the attribute statements, visit the Okta documentation to learn how to configure them.
5. When you finish configuring the SAML settings, Okta will prompt you for some feedback on how you will be using the app. You can opt to provide feedback or skip to complete the set up.
6. After Okta creates the app, you will need to view the SAML 2.0 instructions to complete the set up. Go to the the Sign On tab for the Rumble app and view the SAML 2.0 instructions. You’ll need these details for the next step.

### Step 2: Set up SSO in Rumble

1. Go to the SSO setup page in Rumble. Choose one of the following modes to enable SSO:
• Allowed - Enables SSO, but users still have the option to login without SSO.
• Issuer URL - In this field, enter the Identity Provider Issuer URL from Okta. This will look something like http://www.okta.com/<ID>
• Login URL - In this field, enter the Identity Provider Single Sign-On URL from Okta. This will look something like http://<okta-instance>/app/<app-name>/<ID>/sso/saml.