Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Contact Us
  • Home
  • Administration – Figma Learn
  • Manage a Figma organization
  • Login and authentication

SAML SSO with Okta

Written by Figma Man

Updated at June 19th, 2025

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Administration – Figma Learn
    Manage files and projects Manage a team Manage your account Manage a Figma organization Manage Enterprise plan settings and permissions Billing Manage Figma in a school
  • Figma Design – Figma Learn
    Create prototypes Import and export Create designs Tour the interface Dev Mode Work together in files Build design systems Figma Draw
  • Get started – Figma Learn
    Set up your account Layers 101
  • FigJam – Figma Learn
    Import and export Run meetings Work on boards Tour the interface
  • Community – Figma Learn
    Explore the Community Creator tools and resources
  • Help – Figma Learn
    Troubleshoot Common questions Work with support
  • Work across Figma – Figma Learn
    Figma AI Work across Figma
  • Courses, tutorials, projects – Figma Learn
    Courses Projects
  • Figma Slides – Figma Learn
    Create and edit slides Present slide decks Tour the interface Import and export
  • Figma Buzz – Figma Learn
    Templates in Figma Buzz Create and edit assets in Figma Buzz Overview
  • Figma Make – Figma Learn
    Tour the interface Work with Figma Make
  • Figma Sites – Figma Learn
    Design a site Create webpages and breakpoints Make your site interactive Preview and publish a site Tour the interface
+ More

Table of Contents

Add the Figma app to Okta Set up SAML SSO in Figma Set up Figma in Okta Configure SAML SSO Assign users to the application Supported Basic Attributes Supported SCIM Enterprise User Attributes Set up automatic provisioning with SCIM Generate an API token in Figma Configure automatic provisioning in Okta Let your users know about the change

Before you start

Who can use this feature

Available on the Organization and Enterprise plans.

Organization admins only.

You will need to have an existing Okta account to set up SAML SSO with Okta.

Organizations that have stricter security requirements can configure SAML SSO. Learn more about SAML SSO in Figma →

You can use Okta as your identity provider to authenticate and provision users. Figma supports SAML SSO initiated from both Okta (identity provider) and Figma (service provider).

Add the Figma app to Okta

To connect Figma and Okta, you will first need to add the Figma app to your Okta account. This will generate a IdP Metadata URL, which you'll need to configure SAML SSO in Figma.

  1. Log in to your Okta account and head to the Applications page.
  2. Select Add Application from the options.
  3. Search for Figma and click the Add button to add Figma to your account.
  4. Once installed, go to the Sign On page.
  5. Right click on the Identity Provider Metadata link and choose Copy link address. The link should look like this: https://example.okta.com/app/abc123/sso/saml/metadata

Set up SAML SSO in Figma

  1. From the file browser, click Admin.
  2. Select Settings at the top of the screen.
  3. In the Login and provisioning section, click SAML SSO.
  4. Click Configure SAML and select Okta from the options.
  5. Enter the IdP Metadata IRL from Okta and click Review.
  6. Check the box to confirm This information is correct... and click Configure SAML SSO.
  7. Click the Copy link next to your Tenant ID. You'll need this to complete the set up process in Okta.

You need to decide if logging in via SAML SSO is mandatory, or if users can still login via email address and password. Learn more about authentication options →

Set up Figma in Okta

Now you have your Tenant ID, you can complete the configuration process in Okta. You will need to configure the Figma app and mapping user attributes between applications.

Configure SAML SSO

  1. Open the Figma app in Okta.
  2. Go to Sign On tab and click Edit.
  3. Scroll down to the Advanced Sign-On Settings section.
  4. Enter your Tenant ID in the field provided.
  5. In the Application username format field, select Email from the options.
  6. Click Save to complete the process.

Log in via Figma (service provider initiated SSO) To start the SAML SSO process from Figma's end, head to the following URL: https://www.figma.com/saml/[TenantID]/start 

Make sure to replace [Tenant ID] with your Organization's actual Tenant Id!

Assign users to the application

Now you can start assigning users to the application. As part of this process, you may be asked to provide additional information about each user.

Figma supports some basic attributes, as well as attributes only available to SCIM Enterprise users.

Start adding users to the application in the Assignments tab on the far right.

Supported Basic Attributes

Variable Name External Name External Namespace Suggested Mapping
givenName givenName urn:ietf:params:scim:schemas:core:2.0:User user.firstName
familyName familyName urn:ietf:params:scim:schemas:core:2.0:User user.lastName
displayName displayName urn:ietf:params:scim:schemas:core:2.0:User user.displayName
title title urn:ietf:params:scim:schemas:core:2.0:User user.title

Supported SCIM Enterprise User Attributes

Variable Name External Name External Namespace Suggested Mapping  
employeeNumber employeeNumber urn:ietf:params:scim:schemas:extension:enterprise:2.0:User user.employeeNumber
costCenter costCenter urn:ietf:params:scim:schemas:extension:enterprise:2.0:User user.costCenter
organization organization urn:ietf:params:scim:schemas:extension:enterprise:2.0:User user.organization
division division urn:ietf:params:scim:schemas:extension:enterprise:2.0:User user.division
department department urn:ietf:params:scim:schemas:extension:enterprise:2.0:User user.department
managerValue manager.value urn:ietf:params:scim:schemas:extension:enterprise:2.0:User user.managerId
managerDisplayName manager.displayName urn:ietf:params:scim:schemas:extension:enterprise:2.0:User user.manager

Note: Missing the SCIM Enterprise user attributes? Figma applications added in Okta prior to June 2019 may need to be upgraded. Please submit a request through our contact form for assistance.

  1. Select Account and file management from the list of issues.
  2. Select Managing users and teams.
  3. Under Subject, type in 'SSO / SAML' and provide details of your request in the description box. 

Set up automatic provisioning with SCIM

Okta supports automatic provisioning with SCIM. To set up SCIM you will need to generate an API token in Figma then add this to Okta.

Tip: You can also use SCIM in Okta to manage seats for members in your organization and assign billing groups or workspaces.

Generate an API token in Figma

  1. From the file browser, click Admin .
  2. Select Settings at the top of the screen.
  3. In the Login and provisioning section, click SCIM provisioning.
  4. Click Generate API Token in the dialog.
  5. Copy the API token to your clipboard. You'll need this to complete the process in Okta.

Configure automatic provisioning in Okta

Make sure the following functions are enabled in Okta:

  • Create users
  • Update user attributes
  • Deactivate users

Warning: If a user is deactivated in Okta, this will remove their Figma account from your organization and they will lose all permissions. If you reactivate the user in Okta and re-add them to your organization, someone will need to manually add them to their previous teams, projects and files. 

  1. Open the Figma app in Okta.
  2. Go to the Provisioning tab in the Figma app.
  3. Click the Configure API Integration button.
  4. Check the box next to Enable API Integration.
  5. Enter the API Token in the field provided.
  6. Click Test API Credentials to ensure it's set up correctly.
  7. When you get a success message, click Save to apply.
  8. A few more options will now appear under the Provisioning section. Select To App in the left-hand menu.
  9. Click Save to apply.

Let your users know about the change

The first time a user logs into Figma using SSO, or after they are provisioned via SCIM, they'll receive a verification email from SendGrid. This email contains a unique 6-digit pin, which they'll use just once as an additional security measure during their initial login.

To make sure users don't mistake the email for spam or a phishing attempt, you may wish to let them know about this extra step in advance.

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Guide to SAML SSO
  • SAML SSO with Microsoft Entra ID
  • SAML SSO with OneLogin
  • Set login and authentication method
  • Authenticate with Google
  • Blog
  • Best practices
  • QR code generator
  • Color wheel
  • Colors
  • Color picker
  • Color palettes
  • Color palette generator
  • Color contrast checker
  • Font Library
  • Templates
  • Developers
  • Integrations
  • Affiliate program
  • Resource library
  • Reports and insights
  • Support
  • Status
  • Legal and privacy
  • Modern slavery statement
  • Climate disclosure statement
  • COMPARE
  • Sketch
  • Adobe XD
  • Framer
  • Miro
  • COMPANY
  • Events
  • Customers
  • Careers
  • Newsroom
Expand