This guide explains how customers can configure their SAML settings using Okta as their identity provider example.
If you enable and configure SAML in the Frontegg Portal, your customers can configure their settings to allow their users to sign in with Okta using SAML.
Here is how.
Your customer needs to create a new SAML application with Okta that they can use for their Frontegg application.
Below is an example.
Okta will require certain information from customer. See the example below.
Under the SSO URL, enter your
frontegg subdomain followed by
/auth/saml/callback. This is the same one you entered on the Frontegg portal for the ACS URL configuration.
For the SP Entity ID, enter the entity ID that you defined in the Frontegg portal.
Check out the SAML configuration guide for additional information on the ACS URL and SP Entity ID.
Choose the Name ID format of EmailAddress and Application username as Okta username.
The final step is transfer an XML file from the identity provider to Frontegg.
To do that, first download the metadata XML from the customer's identity provider. Next, upload the XML file to the customer's Frontegg Portal.
That is it. Now you and your customer have added SAML.
When configuring SSO for a customer account, you have the option to map your IDP groups to your roles in the Frontegg Portal.
For the mapping to work, first you should configure your IDP so that the name of the group key is groups.
You also need the IDP group names from your IDP that you want to map to your roles. Below is an example of how to find IDP group names in Okta.
Sign in to your Okta account and go to Directory and find the Groups page. In the image below of an example Okta account, Managers is an Okta Group Name.
Use those Group Names to map groups to roles.
Updated about 1 month ago