Sign up for Frontegg

Customer SAML - IDP setup

Suggest Edits

📘

SAML stands for Security Assertions Markup Language. This is an XML based open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).

This guide explains how to create a SAML application in Okta (IDP) and configure the connection on the account's - Admin portal section.


📘

In order to be able to log in via SAML SSO, SAML needs to be enabled on the application login and configured.

Customer Configuration

If SAML is enabled and configured, an end user can configure an SSO connection and allow other users to sign in to the account using SAML SSO.

Here is how.

STEP 1: Create a New SAML Application

Create a new SAML application with Okta that you can use as the Identity Provider for users.

Below is an example.

2880

STEP 2: Enter Information

Okta will require information from the Service Provider, ACS URL and Entity ID. See the example below.

2880

Under the SSO URL, enter the ACS URL - a domain followed by /auth/saml/callback.
For the SP Entity ID, enter the Entity ID that you defined in the Frontegg portal.

Choose the Name ID format of EmailAddress and Application username as Okta username.

STEP 3: Transfer XML

The final step is to transfer an XML file from the identity provider to Admin portal. To do that, first, download the metadata XML from the Identity Provider (Okta).

2880

Next, upload the XML file to the Admin portal.

2316

That is it. Now you and your customer have added SAML.

Mapping Groups to Roles

When configuring SSO for an account, you have the option to map your IDP groups to roles available in the application.

For the mapping to work, first you should configure your IDP so that the name of the group attribute that is send in the SAML response is groups.

You'll also need the IDP group names from your IDP that you want to map to your roles. Below is an example of how to find IDP group names in Okta.

Sign in to your Okta account and go to Directory and find the Groups page. In the image below of an example Okta account, Managers is an Okta Group Name.

Use those Group Names to map groups to roles.

1920

Updated 5 days ago