Identity provider configuration guide for Okta

It takes three steps to create a SAML 2.0 identity provider in Okta.

Step 1. Create an Application for DevInsight

1. Access the Okta Admin console and navigate to Applications > Applications. Click on the Create App Integration button.

2. Choose SAML 2.0 as the Sign-in Method.

3. Provide the App Name (e.g., DevInsight) and proceed to the next step.

4. Enter the Single sign-on URL and Audience URI (SP Entity ID) provided by DevInsight.

5. In the Attribute Statements section, add an entry with

  • Name = email
  • Name format = Unspecified
  • Value = user.email

6. In the Group Attribute Statements section, add an entry with

  • Name = groups
  • Name format = Unspecified
  • Filter = Matches regex .*
    (Note: 'Matches regex .*' includes every Okta group the user belongs to. If you only want to send certain groups, e.g. DevInsightAdmin or DevInsightViewer, to this application, you can use 'Starts with DevInsight' instead.)

7. Click Next to go to the Feedback page. You can skip the configuration there and click Finish.

8. After finishing the previous steps, you will be redirected to the application's page. Copy the Metadata URL and paste it into DevInsight.

Now, the application for DevInsight is created. You need to continue configuring groups to determine the roles for users to access DevInsight.

Step 2. Create groups for DevInsight

There are two ways to map Okta users to DevInsight roles. One way is to create three new groups (DevInsightAdmin, DevInsightEditor, DevInsightViewer) in Okta. Once the new groups are created, you can add your existing users (people) to them.

1. Go to Groups under the Directory

2. Add the following groups:

  • DevInsightAdmin
  • DevInsightEditor
  • DevInsightViewer

3. Allow them to sign in to DevInsight

  • Click on each group and switch to the Applications tab
  • Click Assign Applications
  • Select 'DevInsight'

The other way is to reuse your existing groups and assign them to the 'DevInsight' application. In this case, you do not have to add users (people) to new groups one by one.

Either way, the Okta group names are used to map Okta groups to DevInsight roles in the following configuration.

Next Step

1. Switch back to DevInsight's SSO page. Fill out the form in step 2 of the 'Add Identity Provider' dialogue:

  • Name: give your IdP a unique name
  • Display text on the login page: the text shown on the SSO entry. E.g. Sign in with Okta
  • Metadata: Copy and paste your Metadata URL here

2. In Step 3 - Group Mapping, DevInsight treats Okta group names as group IDs. Copy and paste the names of your Okta groups ('DevInsightAdmin', 'DevInsightEditor', 'DevInsightViewer', or your existing groups) into the corresponding roles.

3. Click 'Save'.

4. Sign out of your current account. The entry of the SSO provider will be shown on your login page.


🎉🎉🎉 Congratulations! You have completed all SSO configurations. Click the button and try it out!
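
To confirm what Okta sends after a test sign-in, the following added example (not part of the DevInsight documentation) parses a decoded assertion, checks for the email and groups attributes from Step 1, and lists the group names that 'Matches regex .*' discloses but the group mapping does not use. The sample assertion is constructed, and the role labels admin, editor and viewer are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Group names are from this guide; the role labels are assumed for illustration.
ROLE_BY_GROUP = {"DevInsightAdmin": "admin", "DevInsightEditor": "editor",
                 "DevInsightViewer": "viewer"}

# Constructed sample: attributes for a user in three groups when the group
# filter is "Matches regex .*" (decoded assertion, signature omitted).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Everyone</saml:AttributeValue>
      <saml:AttributeValue>Finance-Payroll</saml:AttributeValue>
      <saml:AttributeValue>DevInsightEditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from a decoded SAML assertion."""
    # Inspection aid for your own test login; it does not verify the signature.
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def review_assertion(assertion_xml, prefix="DevInsight"):
    """Check the Step 1 attributes and report groups the mapping does not need."""
    attrs = read_attributes(assertion_xml)
    groups = attrs.get("groups", [])
    return {
        "missing": [n for n in ("email", "groups") if not attrs.get(n)],
        "roles": sorted({ROLE_BY_GROUP[g] for g in groups if g in ROLE_BY_GROUP}),
        "unneeded_groups": [g for g in groups if not g.startswith(prefix)],
    }


if __name__ == "__main__":
    print(review_assertion(SAMPLE_ASSERTION))
```

A non-empty unneeded_groups list means the assertion carries group names outside the 'DevInsight' prefix; if you reuse existing groups instead of the DevInsight ones, pass their common prefix as prefix.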