SSO is available on Standard and Enterprise plans.
Before you begin
This page assumes you have the following:- Access to your organization’s Pinecone console as an organization owner.
- Access to your organization’s Okta Admin console.
1. Start SSO setup in Pinecone
First, start setting up SSO in Pinecone. In this step, you’ll capture a couple values necessary for configuring Okta in Step 2.- In the Pinecone console, go to Settings > Manage.
- In the Single Sign-On section, click Enable SSO.
- In the Setup SSO dialog, copy the Entity ID and the Assertion Consumer Service (ACS) URL. You’ll need these values in Step 2.
- Click Next.
2. Create an app integration in Okta
In Okta, follow these steps to create and configure a Pinecone app integration:- If you’re not already on the Okta Admin console, navigate there by clicking the Admin button.
- Navigate to Applications > Applications.
- Click Create App Integration.
- Select SAML 2.0.
- Click Next.
-
Enter the General Settings:
- App name:
Pinecone
- App logo: (optional)
- App visibility: Set according to your organization’s needs.
- App name:
- Click Next.
-
For SAML Settings, enter values you copied in Step 1:
- Single sign-on URL: Your Assertion Consumer Service (ACS) URL
- Audience URI (SP Entity ID): Your Entity ID
- Name ID format:
EmailAddress
- Application username:
Okta username
- Update application username on:
Create and update
-
In the Attribute Statements section, create the following attribute:
- Name:
email
- Value:
user.email
- Name:
- Click Next.
- Click Finish.
3. Get the sign on URL and certificate from Okta
Next, in Okta, get the URL and certificate for the Pinecone application you just created. You’ll use these in Step 4.- In the Okta Admin console, navigate to Applications > Pinecone > Sign On. If you’re continuing from the previous step, you should already be on the right page.
- In the SAML 2.0 section, expand More details.
- Copy the Sign on URL.
-
Download the Signing Certificate.
Download the certificate, don’t copy it. The downloaded version contains necessary
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
lines.
4. Complete SSO setup in Pinecone
In the browser tab or window you kept open in Step 1, complete the SSO setup in Pinecone:-
In the SSO Setup window, enter the following values:
- Login URL: The URL copied in Step 3.
- Email domain: Your company’s email domain. To target multiple domains, enter each domain separated by a comma.
-
Certificate: The contents of the certificate file you copied in Step 3.
When pasting the certificate, be sure to include the
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
lines.
-
Choose whether or not to Enforce SSO for all users.
- If enabled, all members of your organization must use SSO to log in to Pinecone.
- If disabled, members can choose to log in with SSO or with their Pinecone credentials.
- Click Next.
- Select a Default role for all users who log in with SSO. You can change user roles later.