Okta SAML
Configure IdP
- Log in to Okta and click on "Applications" and click "Create App Integration".
- Select the "SAML 2.0" option and click on Next.
- Configure the integration General Settings and click Next. A logo can be found here.
- This step requires the URLs from the SAML setup. Enter (1) the Single sign on URL and (2) the Service Provider Entity ID that you received from Support. Ensure "Use this for Recipient URL and Destination URL" is selected.
- Add the following attributes:

  Attribute name   Value            Name format
  email            user.email       Unspecified
  firstname        user.firstName   Unspecified
  lastname         user.lastName    Unspecified

- Select "I'm an Okta customer adding an internal app" and check the "It's required to contact the vendor to enable SAML" box. Click Finish.
- Proceed by clicking "Copy" in the Metadata Details section. Email Support ([email protected]) with a request to enable SAML authentication and include the copied URL to the metadata file.
Bookmark app
Follow this guide to simulate an IdP-initiated flow so that Sandbox can be used from the app catalogue: https://help.okta.com/en-us/Content/Topics/Apps/Apps_Bookmark_App.htm
Use the SSO start URL provided by Support for the URL field in the bookmark app.
Configure Roles
This is just one example of how to configure role binding for SSO; there are other ways.
- Create an application profile attribute by navigating to the Sandbox app in Directory => Profile Editor, then click Add attribute.
- Create a sandbox_role attribute as shown in the picture below, with the values defined in the role matrix.
- Add an attribute to the SAML app registration with the name sandbox_role and the value appuser.sandbox_role.
When a new user or group is assigned to the SAML app there will be an option to assign a role.
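To see what the attribute and role mapping configured above produces on the service-provider side, the following added example (not code from this page, Okta, or the Sandbox vendor) parses a constructed SAML response shaped like Okta's output. It checks that Destination and Recipient both equal the ACS URL (the effect of "Use this for Recipient URL and Destination URL"), that email, firstname and lastname arrive with the Unspecified name format, and it resolves sandbox_role against a role set. The ACS URL, user data and the role values "admin"/"user" are assumptions; the real role matrix is defined by the vendor. Signature verification is deliberately not shown, and a real consumer must verify the assertion signature before trusting any of these values.

```python
"""Inspect the attributes a SAML consumer receives after the Okta setup above."""
import xml.etree.ElementTree as ET

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

# The three attributes configured in the Okta app, all with name format "Unspecified".
REQUIRED_ATTRIBUTES = {"email": UNSPECIFIED, "firstname": UNSPECIFIED, "lastname": UNSPECIFIED}
ROLE_ATTRIBUTE = "sandbox_role"
# Assumed role values for illustration only; the real ones come from the vendor's role matrix.
KNOWN_ROLES = {"admin", "user"}

# Constructed sample (unsigned, minimal). URL and person data are placeholders.
ACS_URL = "https://sandbox.example.test/saml/acs"
SAMPLE_RESPONSE = f"""<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_resp1" Version="2.0" Destination="{ACS_URL}">
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_asrt1" Version="2.0">
    <saml2:Subject>
      <saml2:NameID>jane.doe@example.test</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData Recipient="{ACS_URL}"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="email" NameFormat="{UNSPECIFIED}">
        <saml2:AttributeValue>jane.doe@example.test</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="firstname" NameFormat="{UNSPECIFIED}">
        <saml2:AttributeValue>Jane</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="lastname" NameFormat="{UNSPECIFIED}">
        <saml2:AttributeValue>Doe</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="sandbox_role" NameFormat="{UNSPECIFIED}">
        <saml2:AttributeValue>user</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>"""


def extract_attributes(response_xml):
    """Return {attribute name: (name format, [values])} from the first assertion."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml2:Assertion", NS)
    if assertion is None:
        return {}
    attrs = {}
    for attr in assertion.findall(".//saml2:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml2:AttributeValue", NS)]
        attrs[attr.get("Name")] = (attr.get("NameFormat"), values)
    return attrs


def check_response(response_xml, expected_acs_url):
    """Return a list of problems; an empty list means the response matches the guide."""
    problems = []
    root = ET.fromstring(response_xml)
    # Both fields point at the ACS URL when "Use this for Recipient URL and Destination URL" is set.
    if root.get("Destination") != expected_acs_url:
        problems.append(f"Destination {root.get('Destination')!r} != ACS URL")
    scd = root.find(".//saml2:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != expected_acs_url:
        problems.append(f"Recipient {recipient!r} != ACS URL")
    attrs = extract_attributes(response_xml)
    for name, fmt in REQUIRED_ATTRIBUTES.items():
        if name not in attrs:
            problems.append(f"missing attribute {name}")
            continue
        got_fmt, values = attrs[name]
        if got_fmt != fmt:
            problems.append(f"{name}: unexpected NameFormat {got_fmt!r}")
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: expected exactly one non-empty value")
    return problems


def resolve_role(response_xml, known_roles=KNOWN_ROLES):
    """Map sandbox_role to a role; None when absent, ambiguous or not in the role matrix."""
    attrs = extract_attributes(response_xml)
    if ROLE_ATTRIBUTE not in attrs:
        return None
    _, values = attrs[ROLE_ATTRIBUTE]
    if len(values) != 1 or values[0] not in known_roles:
        return None
    return values[0]


if __name__ == "__main__":
    print("problems:", check_response(SAMPLE_RESPONSE, ACS_URL))
    print("role:", resolve_role(SAMPLE_RESPONSE))
```

Run it as a script to see the checks pass for the sample; feeding it a response captured from a browser SAML tracer (after the Okta app is assigned to a test user) shows immediately whether an attribute name, name format or role value was mistyped in the Okta configuration. Unknown role values resolve to None rather than a default role, so a mapping mistake denies access instead of silently granting it.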