Okta SSO
With Adjust’s support for Okta SSO, you can use your Okta credentials to sign in to Adjust.
Set up in Okta
You can sign in to Adjust through Okta only if you have enabled SSO in your Okta account. To set up Okta SSO via SAML (Security Assertion Markup Language), follow these steps in the Okta admin console.
- Log in to your Okta admin account, and select Applications > Applications.
- Select Add Application > Create New App. The Create a New Application Integration window is displayed.
- Select SAML 2.0 as the Sign on method, and select Create. The Create SAML Integration window is displayed.
- On the General Settings tab, enter the App Name as
Adjust
, and select Next. - On the Configure SAML tab, set up the following, and select Next:
- Single sign on URL:
https://api.adjust.com/accounts/users/saml/auth
- Select Use this for Recipient URL and Destination URL.
- Audience URI (SP Entity ID):
https://api.adjust.com/accounts/users/saml/metadata
- Name ID format:
EmailAddress
- Application username:
Email
- Single sign on URL:
- Now, on the Attribute Statements (Optional) tab, set the following attribute mappings, and select Next:
Name | Value |
---|---|
first_name | user.firstName |
last_name | user.lastName |
primary_email | user.email |
- Fill out the form requested by Okta, and select Finish.
- Now, in the Sign On Methods tab of the created app, select View Setup Instructions.
- Save the content shown under Optional as the SAML metadata XML file.
Great job! Your setup in Okta is done and you can move on to the next step.
Set up in Adjust
Adjust first enables SSO login for a single user account. Once you confirm that SSO login works for that user, Adjust enables SSO for all users on the domains that you provide. To complete setup for Okta SSO, follow these steps:
Send an email to your dedicated Account Manager or support@adjust.com with the following details to enable SSO for a single user in the account:
- Identity Provider: Okta
- Domain(s): This is the domain used in your company email address. For example: if an employee email is john.doe@example.com, you need to enter
example.com
. Adjust uses the domain to know which users should be converted to SSO users. To enter multiple email domains at once, separate them with a comma. For example:example.com
,adjust.com
. Once you have added a domain, it cannot be changed or deleted. - Adjust user account: Provide the email address of a user who already has access to Adjust or your Adjust user account, for example, it-admin@example.com. If you want to test with your own user account, but do not have access to Adjust, ask an Adjust admin user on your team to create a user account for you. If required, you can remove your Adjust access after SSO setup is complete.
- Default role: If you create an Adjust user account through Okta, the user gets the default role permissions. The available options are Reader, Editor, or Admin. For more information, see our user permissions article.
- SAML metadata XML file: Attach the SAML metadata XML file that you downloaded from Okta.
After an Adjust representative confirms that they have enabled SSO for the account, follow these steps:
- Go to the Adjust login page.
- Select Log in with SSO.
- Enter the Okta email address that you provided to Adjust, and select Next.
- Sign in with Okta.
Send an email to the Adjust representative to inform them that login via SSO for the first user was successful. Adjust will then enable SSO for all users in your account within 24-48 hours.
Sign in with SSO
There are two ways to sign in to Adjust as an SSO user.
From Okta - Available for all users, required for first-time users
- Sign in to your Okta account.
- Go to Okta’s Applications > Applications.
- Select the Adjust app.
You are sent to Adjust, signed in as the user associated with your Okta account.
From Adjust - Available for existing users
- Go to the Adjust login page.
- Select Log in with SSO.
- Enter your Okta email address and select Next.
- Sign in with Okta.
After successfully signing in with your Okta account, you are redirected back to Adjust. You are now logged in as the user associated with your Okta account.
Manage SSO users
- When a new user logs in to Adjust through Okta for the first time, Adjust creates their account with the default role permissions. You can change the user's permissions.
- Users in your account will no longer be able to retrieve or reset API tokens from Adjust. Instead, reach out to your dedicated Account Manager or support@adjust.com.
- If your team has granted access to users on non-SSO domains (for example, if you work with advertising agencies), those users can still log into Adjust directly.
- Once you integrate SSO, you need to manage two-factor authentication (2FA) through Okta for SSO users. Adjust will continue to manage 2FA for users on non-SSO domains, if you have enabled 2FA in Adjust.