Okta Configuration
Enter OKTA's metadata into Sleuth
Option 1: Link to metadata file
Option 2: Enter metadata manually
Sign in to the OKTA Dashboard as an administrator. Open the menu in the top-left corner, expand the "Applications" section and click "Applications":
On the "Applications" page click "Create App Integration". In the pop-up "Create a new app integration", select "SAML 2.0" as the Sign-in method and click "Next":
On the "General Settings" tab enter a name for your application (e.g., Sleuth) and click "Next":
On the "Configure SAML" page, fill in the necessary metadata (found in Sleuth), using the following reference:
Set the "Name ID format" to "Email Address" and click the "Show Advanced Settings" link to expand the settings:
Save the "Sleuth x509 Certificate" (found in Sleuth) in a .pem file, then click "Browse files..." next to "Signature Certificate" and upload the saved file. Activate the "Enable Single Logout" option and enter the necessary information:
In the "Attribute Statements" section add the following Attributes (using the "Add Another" button):
Leave the "Group Attribute Statements" as they are.
Click "Preview the SAML Assertion" if you want to inspect the Assertion before proceeding. Then click "Next" at the bottom-right of the page.
On the "Feedback" page select "I'm an Okta customer adding an internal app" and click "Finish" at the bottom-right of the page (you can leave the rest of the fields blank).
You can now choose between pointing Sleuth to a URL where the IdP's metadata is available, or entering the metadata into Sleuth manually.
In OKTA, in the "SAML Signing Certificates" section under your Application, find the certificate with status "Active", click the "Actions" link at the right end of its row and click "View IdP metadata":
The XML file will open in a new tab in your browser. Select and copy its entire URL.
In Sleuth, click the "point Sleuth to metadata file URL" link to trigger the input modal and paste the copied URL into the field, then click "Save":
The remaining fields in Sleuth are populated automatically. Click "Test Metadata and Save":
Sleuth defaults all of the Advanced configuration to the most commonly used values, but depending on your IdP configuration you might need to adjust "Advanced settings".
On the Application's homepage click the "Assignments" tab, then click "Assign" and select either "Assign to People" (to assign individual users) or "Assign to Groups" (to assign to groups of users):
Reference for the "Configure SAML" page:

OKTA | SLEUTH | EXAMPLE |
---|---|---|
Single sign on URL | Assertion Consumer Service | https://app.sleuth.io/complete/saml/ |
Audience URI (SP Entity ID) | SAML Entity ID | https://app.sleuth.io/saml/metadata/ |
Default RelayState | Default Relay State | sleuth (should be your org slug) |

Reference for "Enable Single Logout":

OKTA | SLEUTH | EXAMPLE |
---|---|---|
Single Logout URL | Single Logout Service | https://app.sleuth.io/saml/sls/ |

Attribute Statements:

NAME | NAME FORMAT | VALUE |
---|---|---|
 | Unspecified | user.email |
first_name | Unspecified | user.firstName |
last_name | Unspecified | user.lastName |

Reference for entering the metadata into Sleuth manually (Option 2):

SLEUTH | OKTA | EXAMPLE |
---|---|---|
Entity ID | Identity Provider Issuer | http://www.okta.com/<...> |
SSO URL | Identity Provider Single Sign-On URL | https://<...>.okta.com/app/<...>/sso/saml |
SLO URL | Identity Provider Single Logout URL | https://<...>.okta.com/app/<...>/slo/saml |
Certificate | X.509 Certificate | -----BEGIN CERTIFICATE----- <...> -----END CERTIFICATE----- |
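
To check the IdP metadata before using either option, the following added example (not Sleuth's or Okta's code) parses a metadata document and extracts the four values in the SLEUTH column above, plus a SHA-256 fingerprint of the certificate for out-of-band comparison. The sample metadata, the function name `sleuth_fields`, the https requirement on endpoints and the treatment of the SLO endpoint as optional are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed sample: issuer, hostnames, app ID and certificate bytes are placeholders.
SAMPLE_CERT_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/exampleissuer">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{POST}" Location="https://example.okta.com/app/exampleapp/slo/saml"/>
  <md:SingleSignOnService Binding="{POST}" Location="https://example.okta.com/app/exampleapp/sso/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def sleuth_fields(metadata_xml):
    """Map IdP metadata to the SLEUTH column of the manual-entry table."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(MD + "IDPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or idp is None:
        raise ValueError("not a SAML IdP metadata document")

    def endpoint(tag, required):
        node = idp.find(MD + tag)
        if node is None:
            if required:
                raise ValueError(f"{tag} missing from metadata")
            return None  # assumption: the SLO endpoint is treated as optional
        url = node.get("Location", "")
        if not url.startswith("https://"):  # endpoints must use TLS; the entityID is only a name
            raise ValueError(f"{tag} is not an https URL: {url!r}")
        return url

    cert = next(idp.iter(DS + "X509Certificate"), None)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in metadata")
    b64 = "".join(cert.text.split())  # drop line breaks inside the element
    der = base64.b64decode(b64, validate=True)
    pem = "\n".join(["-----BEGIN CERTIFICATE-----",
                     *[b64[i:i + 64] for i in range(0, len(b64), 64)], "-----END CERTIFICATE-----"])
    return {"Entity ID": root.get("entityID"), "SSO URL": endpoint("SingleSignOnService", True),
            "SLO URL": endpoint("SingleLogoutService", False), "Certificate": pem,
            "sha256_fingerprint": hashlib.sha256(der).hexdigest()}
```

Run it on the XML saved from "View IdP metadata" and compare the returned values with what Sleuth shows after "Test Metadata and Save".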