Last Updated: 2024-01-26


This tutorial will guide you through the process of configuring a Starburst Galaxy single sign-on (SSO) using Okta.

Identity Providers (IdP)

An Identity Provider (IdP) is a system or service responsible for managing and authenticating the identities of users within a network or system. In the context of identity and access management (IAM), an IdP verifies the identity of individuals and provides authentication services, often in the form of login credentials (such as usernames and passwords) or other authentication methods.

In many scenarios, an IdP is a central component of a single sign-on (SSO) system. When a user attempts to access a protected resource or service, the IdP verifies the user's identity and, if authentication is successful, issues a security token. This token is then used to grant the user access to various applications or services without the need to re-enter credentials for each service.

Starburst Galaxy supports and tests the following three IdPs:

Starburst Galaxy also supports the use of a Custom IdP, provided it supports the Security Assertion Markup Language (SAML) protocol standard.

Systems for Cross-domain Identity Management (SCIM)

A System for Cross-domain Identity Management (SCIM) is a standard protocol used to automate the exchange of user identity information between identity domains.

You can use SCIM to replicate and sync users and groups from your IdP into Starburst Galaxy. The IdP can also push changes in user and group membership, including deletions, to a Starburst Galaxy account configured to receive that information. This ultimately allows an administrator to assign IdP users and/or groups to access control roles in Starburst Galaxy after they are synced into Starburst Galaxy. The process of assigning roles is a separate task and not part of the SSO or SCIM configuration.

Starburst Galaxy supports and tests System for Cross-domain Identity Management (SCIM) with the following two IdPs:


Learning outcomes

Upon successful completion of this tutorial, you will be able to:

About Starburst tutorials

Starburst tutorials are designed to get you up and running quickly by providing bite-sized, hands-on educational resources. Each tutorial explores a single feature or topic through a series of guided, step-by-step instructions.

As you navigate through the tutorial you should follow along using your own Starburst Galaxy account. This will help consolidate the learning process by mixing theory and practice.


Okta is a cloud-based identity and access management (IAM) platform. It provides both authentication and authorization services for individuals and organizations, enabling users to access various applications, services, and resources with a single set of credentials.

In this first part of the tutorial, you will begin by configuring Starburst Galaxy to enable a Single Sign-on (SSO) using Okta.

Step 1: Sign into Starburst Galaxy

Sign into Starburst Galaxy in the usual way. If you have not already set up an account, you can do that here.

Step 2: Open Access control menu in Starburst Galaxy

Now it's time to begin configuring a new single sign-on. SSO is considered a form of access control, and management of new SSO configurations is handled through the Access control menu.

Step 3: Select your identity provider

Next, it's time to select an Identity provider. You will choose Okta as the identity provider.

Note: Do not close the Starburst Galaxy web UI. You will need both tabs open to continue with this tutorial.

Step 4: Open Applications menu in Okta dashboard

Now it's time to open the Okta dashboard. You're going to copy information between Starburst Galaxy and Okta to configure the SSO.

Step 5: Create an App Integration

The Okta dashboard allows you to create App integrations to manage SSO. These can be configured to use SAML.

Step 6: Copy SAML settings from Starburst Galaxy to Okta

Next, you're going to copy the three SAML fields from Starburst Galaxy into the Okta dashboard.

Step 7: Finish the App Integration

You're almost done. Next, you just need to confirm the App integration to finish the process.

Step 8: View the metadata for your Identity Provider (IdP)

At the end of the last step, the Okta dashboard will take you to the Sign-On tab for your App Integration.

Next, you'll need to add the URL for the IdP metadata to Starburst Galaxy.

Step 9: Copy IdP metadata URL from Okta

Now it's time to copy the IdP metadata from the Okta dashboard to Starburst Galaxy. To do this, you're going to use the URL of the Okta page that just opened in the previous step and copy it into Starburst Galaxy. The metadata displayed on the page will automatically be imported.

Step 10: Add IdP metadata to Starburst Galaxy

Now it's time to paste the Okta URL into Starburst Galaxy. Remember that this will automatically import the IdP metadata.


After configuring a single sign-on in Starburst Galaxy, you should automatically be taken to the Provision SCIM page.

This is the next step in the process, and this tutorial will guide you through this stage. Just like last time, you'll want to keep two tabs open - one for Starburst Galaxy and the other for the Okta dashboard.

Step 1: Generate access token

To get started, you'll need to generate an access token.

Later in this tutorial, you'll copy this Starburst Galaxy access token into the Okta dashboard.

Note: Do not click Finish or refresh the browser tab. If you do, you will lose this token and need to start again.

Step 2: Enable SCIM provisioning in Okta

Now it's time to switch over to the Okta dashboard.

This time, you're going to add additional information to the Provisioning section. This will allow SCIM to be set up.

Step 3: Select the Provisioning tab in Okta

You should now see a new Provisioning tab at the top of your screen. This will allow you to begin configuring SCIM.

Step 4: Configure provisioning between Starburst Galaxy and Okta

You will need to switch between the Starburst Galaxy UI and the Okta dashboard in this step.

Step 5: Confirm the successful connection in Okta

Now it's time to confirm the connection. You'll need to return to Okta to complete this step.

Step 6: Finish provisioning SCIM in Starburst Galaxy

Now it's time to switch back to Starburst Galaxy to finish the process of provisioning SCIM. This is a short step, but an important one.

Step 7: Edit provisioning to app in Okta

Next, switch back to the Provisioning tab in the Okta dashboard. This is the part of the dashboard that you were using before.

Step 8: Assign yourself to the Okta admin user group

If you add a group to your cluster, everyone in that group will get an email informing them that they can sign in and set their password after you configure SCIM. You can use Okta to assign yourself to the admin user group.

In a real-world production environment this may be desirable, but for the purposes of this tutorial it is not necessary.

Step 9: View the new Okta users in Starburst Galaxy

Now it's time to return to your Starburst Galaxy tab and view the new Okta user. SSO access is handled through the Access control menu in Starburst Galaxy.

Step 10: Test the single sign-on configuration

You're good to go! Now it's time to test the SSO process from beginning to end to make sure that everything is working.

To do this, you'll need to sign out of both systems so you can test the new SSO method of signing-on .


If you would like to delete the SSO provider at any time, you may use these instructions.

Please consider the following before you delete your SSO provider.

Step 1: Delete the SSO provider

It's time to delete your SSO provider. To do this, you're going to sign in with Starburst Galaxy using a local account.

Note: Do not use the Sign in with Okta SSO button.

Step 2: Confirm deletion

Starburst Galaxy asks you to manually confirm the deletion. This prevents unwanted errors.

Tutorial complete

Congratulations! You have reached the end of this tutorial, and the end of this stage of your journey.

Now that you've completed this tutorial, you should have a better understanding of how to configure SSO for Starburst Galaxy with Okta.

Continuous learning

At Starburst, we believe in continuous learning. This tutorial provides the foundation for further training available on this platform, and you can return to it as many times as you like. Future tutorials will make use of the concepts used here.

Next steps

Starburst has lots of other tutorials to help you get up and running quickly. Each one breaks down an individual problem and guides you to a solution using a step-by-step approach to learning.

Tutorials available

Visit the Tutorials section to view the full list of tutorials and keep moving forward on your journey!

Start Free with
Starburst Galaxy

Up to $500 in usage credits included

  • Query your data lake fast with Starburst's best-in-class MPP SQL query engine
  • Get up and running in less than 5 minutes
  • Easily deploy clusters in AWS, Azure and Google Cloud
For more deployment options:
Download Starburst Enterprise

Please fill in all required fields and ensure you are using a valid email address.