Skip to main content

Stack: Salesforce + Okta SSO

Restore the Okta side of Salesforce + Okta SSO

If you have Salesforce federated through Okta, the Federation ID attribute mapping is the single most fragile point in the integration. One bad edit and AEs cannot sign in. Butterfly versions that mapping, the SCIM feed, the assigned groups, and every Okta-side configuration that gates Salesforce login.

Butterfly captures versioned snapshots of every Okta-side resource that gates Salesforce login and profile assignment. Restore preview shows the exact diff before any revert.

Book a 30-min demo with MickStart the free trial

What you get

How Butterfly fits Salesforce + Okta SSO

Federation ID mapping is versioned

Every backup captures the Okta-side Salesforce SAML app — including the Federation ID attribute mapping that ties Okta identity to Salesforce user. Restore preview surfaces the diff between any two snapshots.

SCIM-driven profile and license assignment is versioned

The Okta-to-Salesforce SCIM connection is captured per snapshot, including the group-to-profile mappings that drive license-tier assignment.

Group rules driving Salesforce profile assignment are versioned

Restore preview shows which Salesforce-bound groups would change before any commit.

What goes wrong

Three incidents you have already seen variations of

Federation ID attribute drift locks AEs out

An edit intended to align with a new user-naming convention rewrote the Federation ID mapping. Existing AEs hit a Salesforce SAML error mid-pipeline review. Restore preview surfaces the diff.

SCIM profile-mapping change strips license

A group rule update unintentionally pushed a profile change that revoked Sales Cloud licenses for a region. Restore preview surfaces the group-rule + SCIM payload delta.

Sign-on policy change blocks the CS team mid-renewal

A device-trust tightening caught the customer-success group expression. CSMs could not reach Salesforce during renewal week. Restore preview surfaces the policy diff.

Honest scope

What Butterfly captures — and what it does not

In scope

The Okta-side configuration governing Salesforce SSO: the Salesforce SAML / OIDC app integration with the full attribute statement (including Federation ID), SCIM provisioning configuration, assigned users and groups, group rules driving Salesforce profile / role / license assignment, sign-on policies, and Workflows automations.

Out of scope

We do not back up Salesforce records, custom objects, profiles, permission sets, sharing rules, or Apex code. Salesforce-side data backup is a different category (OwnBackup, Gearset, Salesforce-native Backup & Restore).

Plans

Free, Standard, or Business

Free

$0 / forever

  • 1 Okta connection
  • 7-day retention
  • 1 total backup
  • No credit card

Standard

$1 / user / month — $99 minimum

  • 2 Okta connections
  • 90-day retention
  • Restore preview + dry-run
  • Audit Pack PDF (framework-filterable)

Business

$2 / user / month — $299 minimum

  • Unlimited Okta connections
  • Unlimited retention
  • Continuity (warm standby)
  • Priority restore support

Pricing reference: /upgrade. Provider coverage today: Okta, Okta Workflows, Auth0.

Regulatory shape

Compliance and audit angle

SOC 2 CC6 (logical access), ISO 27001 A.5.16 (identity management), and SOX general IT controls many revenue orgs run under all expect identity-layer continuity for revenue systems.

Butterfly's own SOC 2 Type II work is in progress; current status lives in the Trust Center.

Frequently asked

FAQ

How is this different from your Salesforce stack page?

This page focuses on the SSO link specifically — the SAML app, Federation ID, and SCIM feed. The Salesforce stack page is broader and covers the operational picture across Salesforce admin work.

Does this help with SOX GITC testing?

Yes. The Audit Pack PDF is framework-filterable and includes point-in-time evidence of access-control configuration over time, which maps directly to SOX GITC change-management testing.

Can we revert just the Federation ID attribute mapping?

Yes. Restore preview lets you pick the scope before committing.

Recover your Okta org in minutes, not hours

Talk to Mick (the founder) for a 30-minute demo, or start the free trial. No credit card for the free tier.

Book a 30-min demo with MickStart the free trial

More stacks

Okta DR for other stacks

AWS infrastructureDatabricksSnowflakeSalesforceHubSpotMicrosoft 365Google WorkspaceGitHub EnterpriseSlackJira SoftwareNotionZoomDatadog1Password BusinessGitHub + Okta SSOAWS IAM Identity CenterAtlassian stackFinancial servicesHealthcare provider

Trust posture, subprocessors, and security details: Trust Center.