SAML with Okta
This guide walks you through configuring Okta as a SAML SSO identity provider (IdP) for Ostorlab.
Prerequisites
Note: The screenshots below use the Okta Classic UI. You can switch to it by clicking the gear icon in the upper-right corner of the screen.
1. Creating the Okta Application
The first step is to create a new Okta Application Integration.
Of the various “sign on methods” available, choose SAML 2.0.
2. Configure the Okta Application
Next you will be guided through a wizard to configure the Okta application.
The first step is to give it a name and an icon, then click Next.
The next step is to configure the SAML application’s settings.
Warning: The values you need to use depend on your Ostorlab organisation prefix. Be sure to replace <organisation_prefix> with your actual organisation prefix.
SAML Setting | Value |
---|---|
Single Sign-on URL | https://api.ostorlab.co/saml/acs/?org=<organisation_prefix> |
Audience URI | https://api.ostorlab.co/saml/metadata/ |
Default Relay State | Empty |
Name ID Format | EmailAddress or Persistent |
App username |
Important: Do not change the value of Name ID Format once your users have started using Ostorlab, not even to switch it between EmailAddress and Persistent.
In addition, you can optionally provide two attribute statements so that users who sign in with their Okta credentials will have proper user names.
Click Next.
After the Ostorlab SAML application has been created in Okta, the next step is to assign users to it. This will grant specific users or groups access to sign into Ostorlab with their Okta-provided credentials.
To assign users or groups to the application, navigate to the Assignments tab on the application page and choose Assign.
3. Configure Ostorlab with Application details
The final step is to configure Ostorlab with details on your new Okta-based SAML application.
To do this, you need to obtain the IDP information from Okta and then provide it to Ostorlab.
First, navigate to the Sign On tab on the application page.
The fields you will need are Sign on URL, Sign out URL, Issuer and the Signing Certificate.
Next, in your Ostorlab dashboard, click on the menu button.
Select library to expand, and choose integrations.
Choose SAML.
Select CONFIGURATION and paste the IDP information into the corresponding fields.
Then select Save.
Now you are all set to log into Ostorlab.
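The four values step 3 asks for (Sign on URL, Sign out URL, Issuer, Signing Certificate) can also be read from the application's SAML IdP metadata XML rather than copied by hand. The following is an added example, not Ostorlab or Okta code: the function names, the HTTPS check and the sample metadata (hypothetical tenant and app id, placeholder certificate bytes) are assumptions of this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample input: hypothetical Okta tenant and app id; the certificate
# body is placeholder bytes, not a real X.509 certificate.
SAMPLE_CERT = base64.b64encode(b"constructed-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{POST}" Location="https://example.okta.com/app/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def endpoint(idp, tag):
    """Location of the endpoint, preferring HTTP-POST over HTTP-Redirect; None if absent."""
    found = {e.get("Binding"): e.get("Location") for e in idp.findall(f"md:{tag}", NS)}
    return found.get(POST) or found.get(REDIRECT)

def extract_idp_fields(metadata_xml):
    """Return the four IdP values from step 3, failing closed on incomplete metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not IdP metadata")
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in metadata")
    cert_b64 = "".join(cert.text.split())  # drop line breaks inside the base64 body
    der = base64.b64decode(cert_b64, validate=True)  # rejects non-base64 input
    sso = endpoint(idp, "SingleSignOnService")
    if not sso or not sso.startswith("https://"):
        raise ValueError("Sign on URL missing or not HTTPS")
    return {"sign_on_url": sso,
            "sign_out_url": endpoint(idp, "SingleLogoutService"),  # None if not published
            "issuer": root.get("entityID"),
            "signing_certificate": cert_b64,
            "certificate_sha256": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    for name, value in extract_idp_fields(SAMPLE_METADATA).items():
        print(f"{name}: {value}")
```

Recording the printed SHA-256 fingerprint alongside the configuration makes it easy to confirm later that the certificate stored in Ostorlab is still the one the IdP publishes.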