LogoLogo
👨‍💻 API Reference📣 Release Notes📺 Request a Demo
  • Introduction to Fiddler
    • Monitor, Analyze, and Protect your ML Models and Gen AI Applications
  • Fiddler Doc Chatbot
  • First Steps
    • Getting Started With Fiddler Guardrails
    • Getting Started with LLM Monitoring
    • Getting Started with ML Model Observability
  • Tutorials & Quick Starts
    • LLM and GenAI
      • LLM Evaluation - Compare Outputs
      • LLM Monitoring - Simple
    • Fiddler Free Guardrails
      • Guardrails - Quick Start Guide
      • Guardrails - Faithfulness
      • Guardrails - Safety
      • Guardrails FAQ
    • ML Observability
      • ML Monitoring - Simple
      • ML Monitoring - NLP Inputs
      • ML Monitoring - Class Imbalance
      • ML Monitoring - Model Versions
      • ML Monitoring - Ranking
      • ML Monitoring - Regression
      • ML Monitoring - Feature Impact
      • ML Monitoring - CV Inputs
  • Glossary
    • Product Concepts
      • Baseline
      • Custom Metric
      • Data Drift
      • Embedding Visualization
      • Fiddler Guardrails
      • Fiddler Trust Service
      • LLM and GenAI Observability
      • Metric
      • Model Drift
      • Model Performance
      • ML Observability
      • Trust Score
  • Product Guide
    • LLM Application Monitoring & Protection
      • LLM-Based Metrics
      • Embedding Visualizations for LLM Monitoring and Analysis
      • Selecting Enrichments
      • Enrichments (Private Preview)
      • Guardrails for Proactive Application Protection
    • Optimize Your ML Models and LLMs with Fiddler's Comprehensive Monitoring
      • Alerts
      • Package-Based Alerts (Private Preview)
      • Class Imbalanced Data
      • Enhance ML and LLM Insights with Custom Metrics
      • Data Drift: Monitor Model Performance Changes with Fiddler's Insights
      • Ensuring Data Integrity in ML Models And LLMs
      • Embedding Visualization With UMAP
      • Fiddler Query Language
      • Model Versions
      • How to Effectively Use the Monitoring Chart UI
      • Performance Tracking
      • Model Segments: Analyze Cohorts for Performance Insights and Bias Detection
      • Statistics
      • Monitoring ML Model and LLM Traffic
      • Vector Monitoring
    • Enhance Model Insights with Fiddler's Slice and Explain
      • Events Table in RCA
      • Feature Analytics Creation
      • Metric Card Creation
      • Performance Charts Creation
      • Performance Charts Visualization
    • Master AI Monitoring: Create, Customize, and Compare Dashboards
      • Creating Dashboards
      • Dashboard Interactions
      • Dashboard Utilities
    • Adding and Editing Models in the UI
      • Model Editor UI
      • Model Schema Editing Guide
    • Fairness
    • Explainability
      • Model: Artifacts, Package, Surrogate
      • Global Explainability: Visualize Feature Impact and Importance in Fiddler
      • Point Explainability
      • Flexible Model Deployment
        • On Prem Manual Flexible Model Deployment XAI
  • Technical Reference
    • Python Client API Reference
    • Python Client Guides
      • Installation and Setup
      • Model Onboarding
        • Create a Project and Onboard a Model for Observation
        • Model Task Types
        • Customizing your Model Schema
        • Specifying Custom Missing Value Representations
      • Publishing Inference Data
        • Creating a Baseline Dataset
        • Publishing Batches Of Events
        • Publishing Ranking Events
        • Streaming Live Events
        • Updating Already Published Events
        • Deleting Events From Fiddler
      • Creating and Managing Alerts
      • Explainability Examples
        • Adding a Surrogate Model
        • Uploading Model Artifacts
        • Updating Model Artifacts
        • ML Framework Examples
          • Scikit Learn
          • Tensorflow HDF5
          • Tensorflow Savedmodel
          • Xgboost
        • Model Task Examples
          • Binary Classification
          • Multiclass Classification
          • Regression
          • Uploading A Ranking Model Artifact
    • Integrations
      • Data Pipeline Integrations
        • Airflow Integration
        • BigQuery Integration
        • Integration With S3
        • Kafka Integration
        • Sagemaker Integration
        • Snowflake Integration
      • ML Platform Integrations
        • Integrate Fiddler with Databricks for Model Monitoring and Explainability
        • Datadog Integration
        • ML Flow Integration
      • Alerting Integrations
        • PagerDuty Integration
    • Comprehensive REST API Reference
      • Projects REST API Guide
      • Model REST API Guide
      • File Upload REST API Guide
      • Custom Metrics REST API Guide
      • Segments REST API Guide
      • Baselines REST API Guide
      • Jobs REST API Guide
      • Alert Rules REST API Guide
      • Environments REST API Guide
      • Explainability REST API Guide
      • Server Info REST API Guide
      • Events REST API Guide
      • Fiddler Trust Service REST API Guide
    • Fiddler Free Guardrails Documentation
  • Configuration Guide
    • Authentication & Authorization
      • Adding Users
      • Overview of Role-Based Access Control
      • Email Authentication
      • Okta OIDC SSO Integration
      • Azure AD OIDC SSO Integration
      • Ping Identity SAML SSO Integration
      • Mapping LDAP Groups & Users to Fiddler Teams
    • Application Settings
    • Supported Browsers
  • History
    • Release Notes
    • Python Client History
    • Compatibility Matrix
    • Product Maturity Definitions
Powered by GitBook

© 2024 Fiddler Labs, Inc.

On this page
  • Okta Setup:
  • Deployment instructions
  • Logging into Fiddler:
  • Important Notes

Was this helpful?

  1. Configuration Guide
  2. Authentication & Authorization

Okta OIDC SSO Integration

PreviousEmail AuthenticationNextAzure AD OIDC SSO Integration

Last updated 9 days ago

Was this helpful?

These instructions will help administrators configure Fiddler for use with an existing Okta single sign-on application.

Okta Setup:

  1. Set up an in Okta:

  • Select "Web Application" as the application type.

  • Configure the following URLs (replace {base_url} with your Fiddler deployment URL):

    • Sign-in redirect URI - {base_url}/api/sso/okta/callback

    • Sign-out redirect URI - {base_url}

    • Base URI - {base_url}

  • Enable "Authorization Code" grant for user authorization.

  1. Copy the client credentials from the "General" section:

  1. Share the following details with the Fiddler services team:

  • Okta domain

  • Client ID

  • Client Secret

  • Okta Account Type (default or custom)

Deployment instructions

  1. Create a <secret-filename>.yaml file using this template:

apiVersion: v1
kind: Secret
metadata:
  name: fiddler-sso-okta-credentials
  namespace: <NAMESPACE_NAME>
data:
  sso-okta-issuer: <OKTA_ISSUER> # https://<okta_domain>
  sso-okta-authorize-url: <AUTHORIZE_URL> # https://<okta_domain>/oauth2/v1/authorize
  sso-okta-token-url: <TOKEN_URL> # https://<okta_domain>/oauth2/v1/token
  sso-okta-user-info-url: <USER_INFO_URL> # https://<okta_domain>/oauth2/v1/userinfo
  sso-okta-client-id: <CLIENT_ID>
  sso-okta-client-secret: <CLIENT_SECRET>
  sso-okta-domain: <DOMAIN> # <okta_domain>
  authorization-type: <AUTHORIZATION_TYPE> # default
type: Opaque

Important:

  • Base64 encode all values (On macOS, use echo -n "string to encode" | base64).

  • Do not use double quotes in any values.

  • You can retrieve Okta URLs from https://<okta_domain>/.well-known/openid-configuration.

  1. Apply the Kubernetes secret to your cluster:

kubectl apply -f <secret-filename>.yaml -n fiddler
  1. Update your Helm values file with these settings:

fiddler:
  auth:
    sso:
      provider: okta
      okta:
        secretName: fiddler-sso-okta-credentials

Note: The new SSO settings apply once deployments are updated.

Logging into Fiddler:

After setup is complete:

  1. Go to the Fiddler login page.

  2. Click "Sign in with SSO".

  3. Complete authentication on the Okta login screen.

  4. If authentication succeeds, you'll be redirected to the Fiddler homepage.

Important Notes

  • Users must register with Fiddler using an invitation link from their Fiddler Org Admin before using SSO (unless auto-provisioning is configured).

  • Fiddler stores only the user's first name, last name, email address, and OIDC token.

Note your Okta domain and set up the in the "Sign On" section:

For API access, you need to create an access token from the "Credentials" tab in Fiddler's page (direct Okta authentication isn't supported for APIs).

group claim filter
Settings
OIDC configuration
Configuring Okta grant type and sign-in redirect URI
Configuring Okta sign-out redirect URI and base URI
Fetching Okta client credentials
Fetching Okta domain and setting up group claim filter
Image displaying the login flow from Fiddler login screen to Okta login and back to Fiddler homepage on successful authentication.