
Okta SAML

Configure IdP

  1. Log in to Okta, click "Applications", then click "Create App Integration".
  2. Select the "SAML 2.0" option and click Next.
  3. Configure the integration's General Settings and click Next. A logo can be found here.
  4. This step requires the URLs referenced in saml. Enter the (1) Single sign on URL and (2) Service Provider Entity ID that you received from support. Ensure "Use this for Recipient URL and Destination URL" is selected.
  5. Add the following attributes:

     Attribute name   Value            Name format
     email            user.email       Unspecified
     firstname        user.firstName   Unspecified
     lastname         user.lastName    Unspecified

  6. Select "I'm an Okta customer adding an internal app" and check the "It's required to contact the vendor to enable SAML" box. Click Finish.

  7. Click "Copy" in the Metadata Details section. Email Support ([email protected]) with a request to enable SAML authentication, and include the copied URL to the metadata file.

Bookmark app

Follow this guide to simulate an IdP-initiated flow so that Sandbox can be launched from the app catalogue. Use the SSO start URL provided by Support for the URL field in the bookmark app.
https://help.okta.com/en-us/Content/Topics/Apps/Apps_Bookmark_App.htm

Configure Roles

This is just one example of how to configure role binding for SSO; other approaches are possible.

  1. Create an application profile attribute by navigating to the Sandbox app in Directory => Profile Editor, then click Add attribute.
  2. Create a sandbox_role attribute with the values defined in the role matrix.
  3. Add an attribute to the SAML app registration with the name sandbox_role and the value appuser.sandbox_role.

When a new user or group is assigned to the SAML app, there will be an option to assign a role.
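
To confirm the settings from "Configure IdP" steps 4 and 5 and the sandbox_role attribute took effect, the decoded SAML response from a test login can be checked with a script like the one below. This is an added example, not code from Okta or the Sandbox vendor; the function names are hypothetical, and the URLs and role values you pass in are the ones you received from Support and the role matrix. It is a configuration check only and does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
PROFILE_ATTRS = ("email", "firstname", "lastname")  # step 5 of "Configure IdP"

def check_response(xml_text, sso_url, entity_id, allowed_roles):
    """Return a list of configuration problems; an empty list means none found."""
    root = ET.fromstring(xml_text)  # decoded response from your own test login
    problems = []
    # Step 4: Destination and Recipient must both equal the Single sign on URL.
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if root.get("Destination") != sso_url:
        problems.append("Destination differs from Single sign on URL")
    if scd is None or scd.get("Recipient") != sso_url:
        problems.append("Recipient differs from Single sign on URL")
    aud = root.find(".//a:Audience", NS)
    if aud is None or (aud.text or "").strip() != entity_id:
        problems.append("Audience differs from Service Provider Entity ID")
    # Collect the attribute statements: name -> (NameFormat, [values]).
    attrs = {}
    for el in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        vals = [(v.text or "").strip() for v in el.findall("a:AttributeValue", NS)]
        attrs[el.get("Name")] = (el.get("NameFormat"), vals)
    for name in PROFILE_ATTRS + ("sandbox_role",):
        fmt, vals = attrs.get(name, (None, None))
        if vals is None:
            problems.append(f"{name}: attribute missing")
        elif len(vals) != 1 or not vals[0]:
            problems.append(f"{name}: expected exactly one non-empty value")
        elif name in PROFILE_ATTRS and fmt != UNSPECIFIED:
            problems.append(f"{name}: name format is not Unspecified")
        elif name == "sandbox_role" and vals[0] not in allowed_roles:
            problems.append(f"sandbox_role: {vals[0]!r} is not in the role matrix")
    return problems

def sample_response(sso_url, entity_id, attributes):
    """Build a constructed, unsigned response for exercising check_response."""
    a, body = NS["a"], ""
    for name, value in attributes.items():
        body += (f'<a:Attribute Name="{name}" NameFormat="{UNSPECIFIED}">'
                 f"<a:AttributeValue>{value}</a:AttributeValue></a:Attribute>")
    return (f'<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'xmlns:a="{a}" Destination="{sso_url}"><a:Assertion><a:Subject>'
            f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{sso_url}"/>'
            f"</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>"
            f"<a:Audience>{entity_id}</a:Audience></a:AudienceRestriction></a:Conditions>"
            f"<a:AttributeStatement>{body}</a:AttributeStatement></a:Assertion></p:Response>")
```

Each string in the returned list names the setting to revisit in the Okta app; sample_response only produces constructed input for trying the checker offline.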