Configure Okta SAML SSO

IMPORTANT: You can only use SAML SSO if you are on Figma’s Organizations plan (currently in Beta). Learn more about Figma's plans here: https://www.figma.com/pricing

There are a couple of approaches available when implementing SAML SSO.

You can choose to initiate the SAML SSO process from the Identity Provider's end (IdP Initiated via Okta), or from the Service Provider's end (SP Initiated via Figma).

You also have the option to restrict logins via SAML SSO to a specific domain (i.e. your organization's domain name).

In this article, we'll take you through the steps required to get SAML SSO set up with Okta:

  1. Add the Figma App to your Okta Account.
  2. Complete Figma's Configuration Form.
  3. Configure the Okta Application.
  4. Assign Users to the Application.
  5. Configure Automatic Provisioning via SCIM (Recommended).

Learn more about SAML SSO functions in our Getting Started with SAML SSO article.

1 | Add the Figma App to your Okta Account

First, you will need to add the Figma Okta app to your Okta account. This will allow you to generate a Metadata URL, which you'll need to provide to Figma so the two services can be connected.

  1. Log in to your Okta account and head to the Applications page.
  2. Select Add Application from the options.
  3. Search for Figma and click the Add button to add Figma to your account.
  4. Once installed, you can go to the Sign On page.
  5. Right click on the Identity Provider Metadata link and choose Copy link address. This should look something like this: *https://example.okta.com/app/abc123/sso/saml/metadata*

2 | Complete Figma's Configuration Form

This form gives us all the information required to establish a connection between Figma and Okta.

  1. Go to https://goo.gl/forms/qScpnT0m4IUk6W2g2
  2. Complete all of the required fields.
  3. In the How will you provide configuration information? section, select Metadata URL.
  4. Paste in the URL you copied from Okta.
  5. Complete any remaining questions and submit.

The Figma Support team will process your request. You will receive a confirmation email which includes a Tenant ID (e.g. 1234567890). You'll need this before you can continue on to the next step!

3 | Configure the Okta Application

Once you've received your confirmation and Tenant ID, you can complete the configuration process in Okta.

  1. In Okta, go to the Sign On tab for the Figma app.
  2. Click Edit and scroll down to the Advanced Sign-On Settings section.
  3. Enter your Tenant ID in the corresponding field.
  4. In the Application username format field, select Email from the options.
  5. Click Save to complete the process.

4 | Assign Users to the Application

Now that everything is set up, you can start assigning users to the application. As part of this process, you may be asked to provide additional information about each user.

Head to the Assignments tab (on the far right) to start adding users to the application.

The following attributes are supported:

Tip! If you would like to add users in bulk, then you can use Okta's Import function. Learn more in Okta's guides:

Sign In via Figma (SP initiated SSO)

To start the SAML SSO process from Figma's end, you can head to the following URL: https://www.figma.com/saml/[TenantID]/start

Note: You'll need to enter your [TenantID] provided by Figma in the URL above.

5 | Configure Automatic Provisioning via SCIM (Recommended)

Okta automatically offers JIT provisioning, which supports the ability to Create and Update user accounts.

We recommend also enabling Automated Provisioning via SCIM in Okta. This allows you to Create, Update, Import, Deactivate and Reactivate users.

Check out our Configure Okta Provisioning SAML SSO article for detailed instructions.
