Switching Dashboard SSO IdP from One Account (OIDC) to Okta (SAML)

Problem statement

This article discusses the best approach for switching the Dashboard SSO IdP from One Account (OIDC) to Okta (SAML) while keeping all existing tenant members and avoiding disruption.

More context:

  • The switch is motivated by a business acquisition.
  • The email domain is also being changed (from @company1.com to @company2.com).
  • The protocol is also being switched (from OIDC to SAML).

Solution

Due to the number of changes, the best solution is to create a separate new connection and then remove the older connection.

  1. Add a new SSO connection with Okta (SAML). Enable Home Realm Discovery (HRD) for the @company2.com email domain.
  2. Confirm the new connection is functional.
  3. Delete the current SSO connection with One Account (OIDC), which has HRD enabled for the @company1.com email domain.

If the protocol is not changed, modifying the existing connection to point to the new Okta IdP may be another option.