Use this guide to configure Okta as the identity provider for CodeRabbit. The current setup is support-assisted: you create the Okta SAML application, collect the required metadata, and then send the final values to CodeRabbit for enablement.

Before you start

Make sure you have:
  • Access to the Okta Admin Console
  • The email domain that should authenticate through CodeRabbit
  • A contact path to support@coderabbit.ai to request CodeRabbit’s service provider values and submit your final metadata

What CodeRabbit provides

Before you configure the Okta app, request these values from support@coderabbit.ai:
  • Single sign-on URL (ACS URL)
  • Audience URI (SP Entity ID)
Okta requires both values to create the SAML integration.

What CodeRabbit needs from you

After you create the Okta app, send these four items to CodeRabbit:
  • Email domain: for example, yourcompany.com
  • Sign-on URL: the IdP Single Sign-On URL from Okta metadata
  • Issuer: the IdP issuer or entity ID from Okta metadata
  • Signing certificate: an X.509 certificate file in .pem or .cer format

Set up the Okta app

1. Create the Okta app integration

Sign in to your Okta Admin Console, then go to Applications -> Applications and click Create App Integration. In the Create a new app integration dialog, select SAML 2.0 and click Next.
[Screenshot: Okta Create a new app integration dialog with SAML 2.0 selected]
On the General Settings screen, enter a clear app name such as CodeRabbit, optionally upload a logo, and continue to the SAML configuration screen.
2. Fill in the SAML configuration

In the SAML settings screen, use the following values:
| Field | Value |
| --- | --- |
| Single sign-on URL | Provided by CodeRabbit |
| Audience URI (SP Entity ID) | Provided by CodeRabbit |
| Default RelayState | Leave blank |
| Name ID format | EmailAddress |
| Application username | Email |
No attribute statements are required. Leave the Attribute Statements and Group Attribute Statements sections empty. Click Next and complete the wizard to create the application.
3. Retrieve your Okta SAML metadata

After the app is created, open Applications -> Applications -> your CodeRabbit app -> Sign On. Scroll to SAML Signing Certificates, find the certificate marked Active, and open Actions -> View IdP metadata. This opens the XML metadata page that contains the values CodeRabbit needs.
[Screenshot: Okta SAML Signing Certificates section with the Actions menu open for the active certificate]
Collect the following values from the metadata XML:
  • Sign-on URL: copy the Location attribute from the md:SingleSignOnService element
  • Issuer: copy the entityID attribute from the md:EntityDescriptor element
  • Signing certificate: copy the ds:X509Certificate value
Save the certificate in .pem format:
-----BEGIN CERTIFICATE-----
PASTE_CERTIFICATE_CONTENT_HERE
-----END CERTIFICATE-----
If you prefer, you can also download the certificate directly from the Sign On tab using Actions -> Download certificate.
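The extraction described in this step can be scripted. The following is an added example, not code from CodeRabbit or Okta: it reads the three values from a saved metadata XML, writes the certificate in PEM form, and refuses to guess when the metadata is ambiguous. The function name `extract_idp_values`, the tenant URL, the app ID and the certificate bytes in the sample are constructed placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SIGNING_CERT = ("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
                "/ds:KeyInfo/ds:X509Data/ds:X509Certificate")

# Constructed sample: placeholder tenant, app ID and dummy bytes, not a real certificate.
DUMMY_B64 = base64.b64encode(b"constructed sample bytes, not a real certificate" * 3).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{DUMMY_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exkEXAMPLE/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/example/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def extract_idp_values(metadata_xml):
    """Return the issuer, sign-on URL, PEM certificate and its SHA-256 fingerprint."""
    # Only parse metadata you saved from your own Okta Admin Console.
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or not root.get("entityID"):
        raise ValueError("expected md:EntityDescriptor with an entityID")
    urls = {e.get("Location") for e in
            root.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", NS)}
    certs = ["".join((e.text or "").split()) for e in root.iterfind(SIGNING_CERT, NS)]
    # Refuse to guess when the metadata is ambiguous or incomplete.
    if len(urls) != 1 or None in urls:
        raise ValueError("expected exactly one SingleSignOnService Location")
    sso_url = next(iter(urls))
    if not sso_url.startswith("https://"):
        raise ValueError("sign-on URL is not HTTPS")
    if len(certs) != 1:
        raise ValueError("expected exactly one signing certificate")
    der = base64.b64decode(certs[0], validate=True)  # rejects non-base64 input
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return {
        "issuer": root.get("entityID"), "sso_url": sso_url,
        "pem": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n",
        "sha256": hashlib.sha256(der).hexdigest(),  # fingerprint of the DER bytes
    }
```

The `sha256` value lets you confirm that the certificate file you send and the one that was received are the same bytes.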
4. Assign people or groups

Open the Assignments tab for the app, click Assign, and assign the people or groups that should be allowed to sign in to CodeRabbit. Users cannot authenticate through Okta until they are assigned to the application.
5. Send the configuration to CodeRabbit and validate access

Send the following items to support@coderabbit.ai:
  • Your organization’s email domain
  • The Okta Sign-on URL
  • The Okta issuer
  • The signing certificate file
After CodeRabbit confirms the configuration is enabled, test the sign-in flow with an assigned user account. Assigned users are added to your CodeRabbit organization automatically on first SSO login.

What’s next

Enterprise SSO overview

Return to the SSO overview to see the shared rollout flow and future provider coverage.

Roles and permissions

Pair SSO with the right access controls by reviewing how roles work in your CodeRabbit organization.

Support

Reach out if you need the CodeRabbit service provider values or help troubleshooting the Okta setup.