SAML SSO
Updated over a week ago

What is SAML SSO?

SAML SSO (Security Assertion Markup Language Single Sign-On) is an authentication method that streamlines access to multiple applications by allowing users to log in once using their credentials from a central identity provider (IdP). Instead of requiring separate usernames and passwords for each application, SAML SSO enables users to access applications with a single login. This eliminates the need for users to remember multiple credentials and reduces the risk of compromised accounts.

For Octo specifically, SAML SSO integration provides several key benefits. Administrators can centrally manage user access and permissions across all integrated applications, enhancing security and simplifying user management. By delegating authentication to a trusted IdP, Octo leverages the security measures and identity management capabilities already in place within the organization. This not only improves overall security but also enhances the user experience by providing a seamless and convenient login process.


Identity Providers

Currently, Octo exclusively supports Okta and Google Workspace as its designated SAML Identity Providers (IdPs). This facilitates user authentication, allowing seamless login to Octo by leveraging the credentials established within these reputable platforms.

Okta is a leading identity and access management (IAM) solution, providing secure and centralized user authentication across various applications.

Google Workspace, on the other hand, offers a suite of productivity tools and services, including secure authentication capabilities.

Please note: To initiate the integration process, it's crucial to record your unique User ID and Org ID within the Octo platform, as these identifiers will be essential throughout the configuration steps.


Okta SAML SSO

Before proceeding, you should know that you must be a super administrator to add SAML apps.

Now, on your Okta admin page, follow these steps:

  1. Create App Integration: On your Okta admin page, go to Applications and then create an app integration. Choose SAML 2.0, then click Next.

a. General Setting. Edit details like the name and logo of your app. Click Next to proceed.

b. Configure SAML.

  • Take note of the single sign-on URL and Audience URL (SP Entity ID): https://login.alphaus.cloud/octo/saml.

  • Enable the "Use this Recipient URL" and "Destination URL" options.

  • For Attribute Statements, enter the values provided (see here) and leave the remaining values at their default settings. Then click "Next."

c. Feedback. In this part, Okta support wants to understand how you configured your application. Click on the options that apply to you, and then click Finish.

2. Get the metadata.xml:

  • Open the application you created.

  • Navigate to the ‘Sign-On’ section.

  • Locate the Metadata URL link and click on it to open it in a new tab or window.

  • Once the metadata file loads, right-click anywhere on the page.

  • Select the ‘Save As’ option from the context menu.

  • Save the file with the name metadata.xml in a location that you can easily access later.

3. Register the IdP to Octo:

In Octo, navigate to Preferences and select the Identity Provider Management tab. Here, you will register your metadata.xml file. Provide a name for the identity provider, upload the metadata.xml file, and click Submit to complete the registration process. After submission, make sure to take note of the IdP ID, as it will be required for the subsequent steps.

4. Set up Attributes to Users:

Return to the Okta Admin page and navigate to Directory > Profile Editor. Select the User (default) profile, then proceed to add the following attributes.

5. Assigning Users to the Application

Assigning users to an application in Okta can be accomplished in two ways:

  • Assign the application to a user

  • Assign a user to the application

Both methods are detailed below:

Method 1: Assigning the Application to a User

  • Navigate to the Okta Admin page.

  • Go to Directory > People.

  • Select the specific user to whom you want to assign the application.

  • Click the Applications tab within the user's profile.

  • Locate the application you created and assign it to the user.

Method 2: Assigning a User to the Application

  • On the Okta Admin page, navigate to Applications.

  • Select the application you created.

  • Open the Assignments tab for that application.

  • Assign the desired user from this section.

Once users are assigned, the application will appear on their Okta Dashboard, granting them access as configured.

6. Update the User Info:

To update a user's information in Okta, follow these steps:

  • Log in to the Okta Admin Console.

  • Navigate to Directory in the sidebar menu and select People.

  • Locate and select the user whose information you want to update.

  • Once on the user's details page, go to the Profile tab.

  • Click the Edit button to enable editing of the user's profile attributes.

  • Update the values for the required attributes as needed.

  • Save your changes to apply the updates.

7. Verify and Complete the Login Process:

On your Okta dashboard, you should now see the application you recently created. Locate and open the app, which will direct you to a page displaying a message telling you that you are logging in. Confirm your details and click the Login button to proceed.


Google Workspace SAML SSO

Before proceeding, you should know that you must be a super administrator to add SAML apps to your Google Workspace account.

Now, you can follow these steps:

  1. Create Custom Attributes:

  • Sign in to the Google Workspace Admin Console.

  • Navigate to Directory and select Users.

  • In the Users section, click on More Options.

  • Choose Manage Custom Attributes from the menu.

  • Click on Add Custom Attributes and configure the desired fields.

2. Creating a Custom SAML App in Google Workspace

Step 1: Access the Google Workspace Admin Console

  • Navigate to the Admin Console.

  • Go to Apps > SAML Apps > Web and Mobile Apps.

  • Click the (+) Add App button and select Add a custom SAML app.

Step 2: Configure App Details

  • Name the app according to your preference. You may also upload an icon to represent the app.

  • Click Continue to proceed.

Step 3: Google Identity Provider (IdP) Details

  • On the next screen, click Download Metadata to download the metadata file for your Google Identity Provider.

  • Save this file for use during the service provider setup.

Step 4: Configure Service Provider (SP) Details

  • After downloading the metadata, you would need to enter this:

  • Leave the remaining settings at their default values.

  • Click Continue to proceed.

Step 5: Set Up Attribute Mapping

  • Click Add Mapping.

  • Input the required attributes as specified below:

  • Save the configuration.

3. Register the Identity Provider (IdP) in Octo

  • Log in to Octo and navigate to the Preferences section.

  • Select the Identity Provider Management tab.

  • Register your IdP by:

    • Uploading your metadata.xml file.

    • Providing a descriptive name for the IdP.

    • Clicking the Submit button.

  • After registration, take note of the IdP ID, as it will be required in subsequent steps.

4. Add Custom Attribute Values to Users

  • Navigate to Directory > Users.

  • Select the user to whom you want to assign custom attributes.

  • Go to User Information > Octo SAML Attributes.

  • Edit the attributes and add the necessary values as required for your setup:

IsCover: true

Profiles: {orgId}:{roles} (it is safe to assume this value for now: {orgId}:user/Viewer)

IDPID: {The IdP ID of the metadata.xml you registered in Octo}

SubUserId: {The ID of the current user's Octo account}

5. Verify and Test Login

a. Ensure App Visibility:

  • Navigate to the app you created.

  • Go to the User Access tab.

  • Click Edit and set the app to On for Everyone. This ensures the app is visible to all users.

b. Test SAML Login:

  • As an admin, you can test the app by clicking the Test SAML Login button in the app settings.

  • For non-admin users, the app will be accessible in the Google Apps menu, located beside their profile picture.
