Okta SAML
Set up single sign-on with Okta SAML
Last updated
Log in to your Okta organization as a user with administrative privileges. If you don't have an existing Okta organization, you can create a free Okta Developer Edition organization.
Create App Integration
From the menu on the left, choose “Applications” and click “Create App Integration”, as shown below:
When prompted, choose “SAML 2.0” as the “Sign-in method”, and click “Next”.
Set the “App name” and (optional) set an “App logo”, then click “Next”. Feel free to use the Enso logo for this integration.
Set the “Single sign on URL” and “Audience URI”. These should both contain the same value, ending with your organization’s domain.
For example, the organization “example.com” would use the following value:
https://app.enso.security/saml/consume/example.com
Choose “EmailAddress” for the “Name ID format” field, and “Okta username” for the “Application username” field.
Scroll down the page and set the “Attribute Statements” according to the following table:
Once these values are set, click the “Next” button near the bottom of the page.
Select “I’m an Okta customer adding an internal app”, and check the box for “This is an internal app that we have created”, then click “Finish”.
Now that the Okta Application has been created, the following details should be sent to Enso to complete the integration process:
| Detail | Description | Example |
| --- | --- | --- |
| Identity Provider Single Sign-On URL | The URL for your identity provider sign-in page | https://dev-111.okta.com/app/dev-111_example_1/abc123def890XYZ567oo/sso/saml |
| X.509 Certificate | The identity provider’s public key, encoded in Base64 format | -----BEGIN CERTIFICATE----- MIIDqDABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ ABCDEFGHIJKLMNOPQRSTUVWXYZ ABCDEFGHIJKLMNOPQj9g== -----END CERTIFICATE----- |
| User email domains | The email domains which should have access to your organization in Enso | |
In order to retrieve these details:
Select the “Sign On” section for your newly created Okta Application, as shown below:
Towards the bottom of the “Sign On” page, find the “SAML Signing Certificates” section. The certificate row for “Type: SHA-2” contains an “Actions” menu. Click this menu and select “View IdP metadata”.
A page containing XML data should open. Please copy the address for this page and send it to Enso, or instead send us the entire XML contents of the page. The URL should have the following structure:
The final step in the process is assigning any Users and/or Groups to the newly created Enso Okta Application.
Any users assigned to this application will be granted access to Enso.
People and Groups can be accessed from the “Directory” menu on the left.
Each of the People in the organization can be assigned to an application using the “Assign Applications” button. The user’s “Primary Email” is the value Enso will use to identify users.
A similar assignment process is also available for Groups.
Alternatively, People and Groups can be assigned from the application page by clicking the “Assignments” tab:
More information on application assignment is available in Okta’s official documentation: