We constantly publish updates to our documentation, which may not yet be available in your language. For the most current information, use the English version.

for Marketers

Okta SSO

With Adjust’s support for Okta SSO, you can use your Okta credentials to sign in to Adjust.

Note:

SSO is available as an add-on feature. To get this on your account, contact sales@adjust.com.

Set up in Okta

You can sign in to Adjust through Okta only if you have enabled SSO in your Okta account. To set up Okta SSO via SAML (Security Assertion Markup Language), follow these steps in the Okta admin console.

Log in to your Okta admin account, and select Applications > Applications.
Select Add Application > Create New App. The Create a New Application Integration window is displayed.
Select SAML 2.0 as the Sign on method, and select Create. The Create SAML Integration window is displayed.
On the General Settings tab, enter the App Name as Adjust, and select Next.
On the Configure SAML tab, set up the following, and select Next:
1. Single sign on URL: https://api.adjust.com/accounts/users/saml/auth
  - Select Use this for Recipient URL and Destination URL.
2. Audience URI (SP Entity ID): https://api.adjust.com/accounts/users/saml/metadata
3. Name ID format: EmailAddress
4. Application username: Email
Now, on the Attribute Statements (Optional) tab, set the following attribute mappings, and select Next:

Name	Value
`first_name`	`user.firstName`
`last_name`	`user.lastName`
`primary_email`	`user.email`

Fill out the form requested by Okta, and select Finish.
Now, in the Sign On Methods tab of the created app, select View Setup Instructions.
Save the content shown under Optional as the SAML metadata XML file.

Great job! Your setup in Okta is done and you can move on to the next step.

Set up in Adjust

Adjust first enables SSO login for a single user account. Once you confirm that SSO login works for that user, Adjust enables SSO for all users on the domains that you provide. To complete setup for Okta SSO, follow these steps:

Send an email to your dedicated Account Manager or support@adjust.com with the following details to enable SSO for a single user in the account:
- Identity Provider: Okta
- Domain(s): This is the domain used in your company email address. For example: if an employee email is john.doe@example.com, you need to enter example.com. Adjust uses the domain to know which users should be converted to SSO users. To enter multiple email domains at once, separate them with a comma. For example: example.com, adjust.com. Once you have added a domain, it cannot be changed or deleted.
- Adjust user account: Provide the email address of a user who already has access to Adjust or your Adjust user account, for example, it-admin@example.com. If you want to test with your own user account, but do not have access to Adjust, ask an Adjust admin user on your team to create a user account for you. If required, you can remove your Adjust access after SSO setup is complete.
- Default role: If you create an Adjust user account through Okta, the user gets the default role permissions. The available options are Reader, Editor, or Admin. For more information, see our user permissions article.
- SAML metadata XML file: Attach the SAML metadata XML file that you downloaded from Okta.
After an Adjust representative confirms that they have enabled SSO for the account, follow these steps:
1. Go to the Adjust login page.
2. Select Log in with SSO.
3. Enter the Okta email address that you provided to Adjust, and select Next.
4. Sign in with Okta.
Send an email to the Adjust representative to inform them that login via SSO for the first user was successful. Adjust will then enable SSO for all users in your account within 24-48 hours.

Sign in with SSO

There are two ways to sign in to Adjust as an SSO user.

From Okta - Available for all users, required for first-time users

Sign in to your Okta account.
Go to Okta’s Applications > Applications.
Select the Adjust app.

You are sent to Adjust, signed in as the user associated with your Okta account.

From Adjust - Available for existing users

Go to the Adjust login page.
Select Log in with SSO.
Enter your Okta email address and select Next.
Sign in with Okta.

After successfully signing in with your Okta account, you are redirected back to Adjust. You are now logged in as the user associated with your Okta account.

Manage SSO users

When a new user logs in to Adjust through Okta for the first time, Adjust creates their account with the default role permissions. You can change the user's permissions.
Users in your account will no longer be able to retrieve or reset API tokens from Adjust. Instead, reach out to your dedicated Account Manager or support@adjust.com.
If your team has granted access to users on non-SSO domains (for example, if you work with advertising agencies), those users can still log into Adjust directly.
Once you integrate SSO, you need to manage two-factor authentication (2FA) through Okta for SSO users. Adjust will continue to manage 2FA for users on non-SSO domains, if you have enabled 2FA in Adjust.