|
| 1 | +--- |
| 2 | +title:Okta (SAML) |
| 3 | +description:Setting Up Okta via SAML |
| 4 | +group:single-sign-on |
| 5 | +sub_group:saml |
| 6 | +toc:true |
| 7 | +--- |
| 8 | + |
| 9 | +##Setup Instructions |
| 10 | + |
| 11 | +Below describes how to set up Okta for Single Sing On with Codefresh using SAML. If you do not have the SAML option, please create a support ticket enable SAML for the account account. |
| 12 | + |
| 13 | +###In Codefresh |
| 14 | + |
| 15 | +1. Go to Account Settings > Single Sign On |
| 16 | +1. Select Add Single Sign On > SAML |
| 17 | +1. We need to create an Entry with temp info since we need Codefresh information first for Okta |
| 18 | +-**Display Name**: Name you want to call the integration |
| 19 | +-**IDP Entry**: type in any character |
| 20 | +-**Application Cert**: type in any character |
| 21 | +1. Save |
| 22 | +1. Click Edit, and we will come back for the information |
| 23 | + |
| 24 | +###In Okta |
| 25 | + |
| 26 | +1. Navigate to Applications |
| 27 | +1. Select Create App Integration > SAML2.0 |
| 28 | +1. Next |
| 29 | +1. General Settings |
| 30 | +- Fill in the Name and any other settings you want |
| 31 | +- Next |
| 32 | +1. Configure SAML |
| 33 | +-**Single Sign On URL**: The Assertion URL / Callback URL in Codefresh |
| 34 | +-**Audiance URL**:`g.codefresh.io` |
| 35 | +-**Name ID Format**:`EmailAddress` |
| 36 | +- Attribute Statements |
| 37 | +- Leave "Name Format" as Unspecified |
| 38 | +-**firstName**:`user.firstName` |
| 39 | +-**lastName**:`user.lastName` |
| 40 | +-**email**:`user.email` |
| 41 | +- Next |
| 42 | +1. Feedback |
| 43 | +- Fill this out if showing |
| 44 | +- Finish |
| 45 | +1. Sign On Tab |
| 46 | +- Select**View SAML Setup Instructions** on the right hand side |
| 47 | +- Keep this open as we need it for Codefresh |
| 48 | + |
| 49 | +###Back in Codefresh |
| 50 | + |
| 51 | +1. We are going to fill in the fields with the Okta Inforamtion |
| 52 | +1.**IDP Entry**: Identity Provider Single Sign-On URL in Okta |
| 53 | +1.**Application Certificate**: The X.509 Certificate |
| 54 | +-**Note**: you will get a warning when editing the Certificate section |
| 55 | +- Inclucde the`-----BEGIN CERTIFICATE-----` and`-----END CERTIFICATE-----` |
| 56 | +1. Save |
| 57 | + |
| 58 | +##Test SSO Connection |
| 59 | + |
| 60 | +Now test the SSO with a test user in a different browser or private/incognito browser to make sure it is working. |
| 61 | + |
| 62 | +1. Go to Account Settings > User & Teams |
| 63 | +1. Locate a test user |
| 64 | +1. On the SSO Column, select the SSO name to enable SSO for the user |
| 65 | +1. In a different browser or private/incognito browser window use the Corporate SSO option to log in |
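Review bot: The placeholder step at lines 17-22 has the reader save the SAML entry with "type in any character" for both IDP Entry and Application Cert, but nothing says the entry must stay unassigned until the real Okta values are entered under "Back in Codefresh". Add a sentence saying not to enable this SSO for any user until the Identity Provider Single Sign-On URL and the X.509 certificate are in place, and point to the "Test SSO Connection" section as the first place it gets enabled. At line 54, say what the certificate warning is and whether the reader should continue past it. Typos to fix before merge: "Single Sing On" and "account account" (line 11, which is also missing "to" in "create a support ticket enable SAML"), "Audiance URL" (line 34), "Inforamtion" (line 51) and "Inclucde" (line 55). As shown here, the headings and front-matter keys have no space after the marker (`##Setup Instructions`, `title:Okta (SAML)`); if the file is written that way, add the spaces so the headings and front matter parse.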