Amplitude provides a single sign-on integration with Okta for customers on Scholarship, Growth, or Enterprise plans.

## Before you begin

For general information about SSO, refer to [SSO in Amplitude](/docs/admin/single-sign-on/sso).

To set up SSO, you must be an org admin for your Amplitude organization. You must also be able to configure your organization in Okta.

## Set up SSO for Amplitude using Okta

To configure SSO for Amplitude using Okta:

1. In Okta, navigate to the admin dashboard and click *Applications*.
2. On the _Applications_ page, click _Create App Integration_.

3. In the modal that appears, select the _SAML 2.0_ radio button and click _Next_.

4. Enter a name for the app. For easier recognition, you can also upload a logo to go with it. Then click _Next_.

5. Configure your SAML settings. Enter the single sign-on URL (ACS URL) and the audience URL (Entity ID) in the appropriate spaces. Then, from the _Application username_ dropdown, select _Email_.

You can find the Entity ID and Assertion Consumer Service URL in Amplitude, under _Settings > Organization settings > Access & SSO Settings > Single Sign-On settings_.

6. After you create the app, view the identity provider (**IdP**) metadata on the _Sign On_ tab in Okta.

7. Click the metadata to display the XML. Save this as an XML file. Many browsers can save the active page as a file with the `.xml` suffix.

8. In Amplitude, navigate to _Settings > Organization settings > Access & SSO Setting > Single Sign-On Settings_ and upload the metadata file.
9. Save your changes to enable SSO.