Customer SAML - IDP Setup

This guide explains how customers can configure their SAML settings, using Okta as an example identity provider.



First you must enable SAML in the Frontegg Portal and configure it.

Customer Configuration

If you enable and configure SAML in the Frontegg Portal, your customers can configure their settings to allow their users to sign in with Okta using SAML.

Here is how.

STEP 1: Create New SAML Application

Your customer needs to create a new SAML application with Okta that they can use for their Frontegg application.

Below is an example.


STEP 2: Enter Information

Okta will require certain information from the customer. See the example below.

Under the SSO URL, enter your Frontegg subdomain followed by /auth/saml/callback. This is the same one you entered on the Frontegg portal for the ACS URL configuration.

For the SP Entity ID, enter the entity ID that you defined in the Frontegg portal.

Check out the SAML configuration guide for additional information on the ACS URL and SP Entity ID.

Set the Name ID format to EmailAddress and the Application username to Okta username.

STEP 3: Transfer XML

The final step is to transfer an XML file from the identity provider to Frontegg.

To do that, first download the metadata XML from the customer's identity provider. Next, upload the XML file to the customer's Frontegg Portal.


That is it. Now you and your customer have added SAML.

Mapping Groups to Roles

When configuring SSO for a customer account, you have the option to map your IDP groups to your roles in the Frontegg Portal.

For the mapping to work, first you should configure your IDP so that the name of the group key is groups.

You also need the IDP group names from your IDP that you want to map to your roles. Below is an example of how to find IDP group names in Okta.

Sign in to your Okta account and go to Directory and find the Groups page. In the image below of an example Okta account, Managers is an Okta Group Name.

Use those Group Names to map groups to roles.
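The following Python check is an added example, not Frontegg or Okta code. It inspects a decoded SAML assertion from a test login and reports whether the Name ID format is EmailAddress and whether the group attribute is named groups, as this guide requires. The sample assertion is constructed, and `check_assertion`, the list of near-miss attribute names, and the exact-match comparison of group names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
GROUP_KEY = "groups"  # attribute name the guide says the IdP must use

# Constructed sample assertion (not captured from a real IdP); signature omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Managers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_groups=()):
    """Return a list of configuration problems; an empty list means all checks passed.

    Configuration check only: it does not verify the XML signature, so never
    use it to decide whether an assertion is authentic.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}, expected emailAddress")
    groups = None
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == GROUP_KEY:
            groups = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        elif (attr.get("Name") or "").lower() in ("groups", "group", "memberof"):
            problems.append(f"group attribute is named {attr.get('Name')!r}, not {GROUP_KEY!r}")
    if groups is None:
        problems.append(f"no attribute named {GROUP_KEY!r}")
    else:
        for g in expected_groups:
            if g not in groups:  # exact match is an assumption of this example
                problems.append(f"group {g!r} not sent by the IdP")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, expected_groups=["Managers"]) or "OK")
```

Run it against an assertion from a test user who belongs to the Okta groups you intend to map, passing those group names as `expected_groups`.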
