From aefdd1658f2b224becfef1ed1bf05b6e60654438 Mon Sep 17 00:00:00 2001 From: Sangith Ravichandran Date: Sun, 7 Jul 2024 22:15:42 +0530 Subject: [PATCH] Updated SAML SSO document --- .../docs/configuration/security/okta-sso.md | 169 +++++++----------- 1 file changed, 69 insertions(+), 100 deletions(-) diff --git a/src/pages/docs/configuration/security/okta-sso.md b/src/pages/docs/configuration/security/okta-sso.md index 328d32d2..354cffd3 100644 --- a/src/pages/docs/configuration/security/okta-sso.md +++ b/src/pages/docs/configuration/security/okta-sso.md @@ -1,10 +1,10 @@ --- title: "Setting Up Okta Single Sign-On Integration with SAML Login in Testsigma" -page_title: "Configuring Okta Single Sign-On Integration with SAML in Testsigma" +page_title: "Configuring Okta SSO Integration with SAML in Testsigma" metadesc: "Single Sign-On (SSO) provides faster, easier, and trusted access to applications. Learn how to set up Single Sign-On (SSO) with SAML login easily in Testsigma." noindex: false order: 19.23 -page_id: "Setting Up Okta Single Sign-On Integration with SAML Login in Testsigma" +page_id: "setting-up-okta-sso-with-saml--in-testsigma" search_keyword: "" warning: false contextual_links: @@ -14,133 +14,102 @@ contextual_links: name: "Terminology" url: "#terminology" - type: link - name: "I. Getting the Testsigma Configuration for Okta" - url: "#i-getting-the-testsigma-configuration-for-okta" + name: "Getting the Testsigma Configuration for Okta" + url: "#getting-the-testsigma-configuration-for-okta" - type: link - name: "II. Create and configure OKTA" - url: "#ii-create-and-configure-okta" + name: "Create and configure Okta" + url: "#create-and-configure-okta" - type: link - name: "III. Configuring Testsigma for Okta" - url: "#iii-configuring-testsigma-for-okta" + name: "Configure Testsigma for Okta SSO" + url: "#configure-testsigma-for-okta-sso" +- type: link + name: "Sign in to Testsigma with SAML SSO" + url: "#sign-in-to-testsigma-with-saml-sso" +- type: link + name: "Disable Configured SSO" + url: "#disable-configured-sso" --- --- -Single Sign-On (SSO) provides faster, easier, and trusted access to applications. - -With SSO, you are not required to store and manage passwords for the websites you use regularly. Instead of using passwords, applications that allow SSO login accept secured tokens that grant access to the application. This is mostly used for enterprises and SMBs for easy workforce identity management. - -You can enable Single Sign-On (SSO) in Testsigma with Okta. Once configured, you can log into your Okta Dashboard to see your SSO-supported applications, including Testsigma. Okta will verify the user's identity and permissions, and then grant them access to Testsigma. - +Single Sign-On (SSO) provides faster, easier, and more secure application access, enhancing user experience and security. SSO allows users to access multiple applications with a single login credentials, eliminating the need to remember multiple passwords. Instead of passwords, SSO uses secure tokens to grant access, making it a preferred solution for enterprises and SMBs to manage workforce identities efficiently. This guide will help you configure Okta and Testsigma to work together seamlessly, simplifying user access management and improving productivity. --- + ## **Terminology** -Here are a few entities that you need to be aware of before we move on to the details: +Familiarise yourself with these key terms before proceeding: -|A user|The person requesting access to the service. In this case, Testsigma App User| -|-----|----------| -|A service provider(SP)|The application that provides the service or protects the resource. In this case, Testsigma App| -|An identity provider(IdP)|The service/ repository that manages the user information. It may be Okta, Onelogin, Azure AD, or an in-house IdP/IAM Implementation| -|Entity ID|Entity ID is an identifier(an alphanumeric string or URI given by the Service Provider (SP) that uniquely identifies it. It's often part of a metadata file (an XML file with a certificate, entity ID, and endpoint URLs). You would get this from the IP (Okta, Onelogin e.t.c).| +| Term | Definition | +|----------------------------------|-------------------------------------------------------------------------------------| +| User | The person requesting access to the service. In this case, the Testsigma app user. | +| Service Provider (SP) | The application providing the service. Here, it's Testsigma. | +| Identity Provider (IdP) | The service managing user information, such as Okta, OneLogin, or Azure AD. | +| SAML Certificate/X.509 Certificate | A digital certificate used to verify the identity of the entities in SAML transactions. | +| Single Sign-On URL | The URL where authentication requests are sent for SSO. | +| Audience URI (SP Entity ID) | The unique identifier of the service provider, often a URL. | +| Default RelayState | The URL to redirect users to after authentication. | +| Name ID Format | The format of the user identifier sent in the SAML assertion, typically an email address. | --- -## **I. Getting the Testsigma Configuration for Okta** - -Navigate to **Settings > Security** - -![Choose sso method as SAML](https://docs.testsigma.com/images/security/okta-ssochoose-sso-method-saml.png) -The security page looks as shown below if SSO has not been enabled yet: +## **Getting the Testsigma Configuration for Okta** +1. Navigate to **Settings** > **Security (SSO)**. +2. On the **Security SSO** page, you will see options for **Google** and **SAML**. Enable the **SAML** toggle. [[info | NOTE:]] -|*If you are interested to know how you can set up Google SSO with Testsigma, refer [here](https://testsigma.com/docs/configuration/security/google-sso/)*. - - -You will see two options here - **Google** and **SAML**. Choose SAML and click the **Proceed** button. - -![Shows SAML Configuration Help for Testsigma](https://docs.testsigma.com/images/security/testsigma-sso-config-help.png) - -You will find all the details you need to enter in Okta here as shown below: -The important ones are **‘Entity ID’** and **‘Single Sign-On(ACS) URL’**(refer to the Terminology section). -Note these down to use in the next section - section II. +| You can use only one SSO for your account. If you are using Google SSO, turn it off first. +3. In the **Enable SSO** pop-up, record the **Entity ID (Identifier)** and **Single Sign-On (ACS) URL** for use in Okta configuration. ![getting testsigma configuration](https://s3.amazonaws.com/static-docs.testsigma.com/new_images/projects/applications/getting_testsigma_configuration.gif) --- -## **II. Create and configure OKTA** - -[[info | NOTE:]] -|*We strongly suggest you check with your IT team before trying the below steps since they might have exclusive admin access to the IdP configuration.* - - - -1. Navigate to https://www.okta.com/login and login to the Admin console in OKTA. - - **a.** In the Admin Console, under **Applications**, click **Create App Integration** to get the Create a new app integration form as shown below: - - ![Choose SAML to integrate with Testsigma](https://docs.testsigma.com/images/security/create-app-integration-saml.png) - **b.** Choose SAML 2.0 and click Next -2. On the first page - **General Settings,** you need to enter the details of the application (Testsigma) that you are integrating with SAML. +## **Create and configure Okta** - ![General details of Testsigma app for Okta integration](https://docs.testsigma.com/images/security/general-settings-page-testsigma-app-okta-integration.png) - - **a.** **App Name:** Enter the application name, “Testsigma”, upload the logo (if required) - - **b.** **App logo and visibility:** Upload the app logo if you prefer. -(You may choose to display or not display the icon of Testsigma to the users in the Okta app for both web and mobile) - -Click on **Next** to proceed. - -3. On the second page - **Configure SAML,** we need to provide the Configuration details we got from Testsigma App following the steps in section I. - - ![Fill up form to generate XML for Testsigma's SAML request](https://s3.amazonaws.com/static-docs.testsigma.com/new_images/projects/applications/SAML.png) - **a.** **Single Sign-on URL:** https://app.testsigma.com/saml/77/metadata - - **b.** **Audience URI:** https://app.testsigma.com/saml/77/metadata - - **c.** **Default Relay State :** https://app.testsigma.com - - **d.** **Name ID Format :** EmailAddress (default) - - **e.** **Application Username :** Okta username (default) - - **f.** **Update application username on:** Create and update (default) - -4. On the next page, check the options, **“I'm an OKTA User and adding an Internal App”** and **“This is an internal app that we have created”** and click **Finish**. - -5. Next, you will see a **Sign-on methods** page. The sign-on method determines how a user signs into and manages their credentials for an application. - -![View setup instructions to use while configuring SAML for Testsigma](https://docs.testsigma.com/images/security/view-setup-instructions-saml-testsigma.png) - **a.** Click on **'View Setup Instructions'** - - - **b.** Copy and note down the **'Identity Provider Issuer'**, **'Identity Provider Single Sign-On URL'**, and **'X.509 Certificate'** from this page. -We will need the same on the Testsigma SAML SSO Configuration page in the next section - Section III. - -![SAML certificate](https://docs.testsigma.com/images/security/saml-certificate.png) - -Now, let's move on to the configuration that we need to perform in the Testsigma App. +1. Log in to the [Okta Admin Console](https://www.okta.com/login). +[[info | NOTE:]] +| Check with your IT team before proceeding, as they may have exclusive admin access to the IdP configuration. +1. In the **Admin** Console, under **Applications**, click **Create App Integration**. Choose **SAML 2.0** and click **Next**. +2. In **General Settings** tab fill below details and click **Next** to proceed. + - **App Name**: Enter Application name, example **Testsigma**: + - **App Logo and Visibility**: Upload the app logo if preferred. ![general okta settings](https://s3.amazonaws.com/static-docs.testsigma.com/new_images/projects/applications/okta_general_settings.gif) +3. Configure **SAML Settings** and click **Next** to proceed: + - **Single Sign-On URL**: https://app.testsigma.com/saml/250/callback + - **Audience URI (SP Entity ID)**: https://app.testsigma.com/saml/250/metadata + - **Default RelayState**: https://app.testsigma.com/ui/dashboard + - **Name ID Format**: Select EmailAddress from dropdown. + - **Application Username**: Okta username (default) + - **Update Application Username On**: Create and update (default) +4. Finish Setup by selecting **"I'm an OKTA User and add an Internal App"** and **"This is an internal app we have created"**. Click **Finish**. ![config saml okta](https://s3.amazonaws.com/static-docs.testsigma.com/new_images/projects/applications/config_saml_okta.gif) +5. On the Sign-on methods page, click **View Setup Instructions**. +6. Copy the **Identity Provider Issuer**, **Identity Provider Single Sign-On URL**, and **X.509 Certificate** for use in Testsigma. --- -## **III. Configuring Testsigma for Okta** -You would need to enter the Entity ID, SSO URL, and SAML Certificate you got from the last step (Step 5. b) in the previous section. +## **Configure Testsigma for Okta SSO** -You may notice some differences in the terminologies used within Testsigma and Okta. +1. In Testsigma, enter the **Entity ID**, **SSO URL**, and **SAML Certificate** recorded from Okta. +2. Terminology Mapping: + - **Entity ID**: Same Identity Provider Issuer. + - **Identity Provider Single Sign-On URL**: Paste Single Sign-On (ACS) URL. + - **SAML Certificate**: Paste X.509 Certificate. +3. Click **Confirm Credentials** to confirm the Configuration. ![config testsigma for okta sso](https://s3.amazonaws.com/static-docs.testsigma.com/new_images/projects/applications/config_testsigma_okta_id.gif) -* **Entity Id (Identifier)** is the same as **Identity Provider Issuer** -* **Identity Provider Single Sign-On URL** is same as **Single Sign-On (ACS) URL** -* **SAML Certificate** is referred to as **X.509 Certificate in Okta** - -![Enter the details captured during SAML configuration of Testsigma](https://docs.testsigma.com/images/security/enter-details-saml-certifacte-entity-url-testsigma.png) +--- +## **Sign in to Testsigma with SAML SSO** -Enter the details and click **Confirm**. +After configuring your Testsigma account with SAML, you can log in using SSO. +1. Click **Sign in with SSO** on the Testsigma login page. +2. Enter the **email ID** configured with SSO with the account and click **Sign in**. ![signin through sso](https://s3.amazonaws.com/static-docs.testsigma.com/new_images/projects/applications/signin_through_sso.gif) +[[info | NOTE:]] +| - Install the Okta mobile app for the first-time authentication. +| - You cannot log in through SSO without configuring your email. -And, you are done. +--- +## **Disable Configured SSO** -To disable the SSO login using Okta, click the **Disable** button on the SAML option anytime. +To disable SSO login using Okta, turn off the toggle to disable SAML SSO at any time. A disable SAML SSO warning prompt will appear. Click **I Understand and Disable** to remove the SSO configuration from your account. ![disable configured sso](https://s3.amazonaws.com/static-docs.testsigma.com/new_images/projects/applications/disable_configured_sso.gif) -After this, every user in your account would need to log in to Testsigma via the Okta Dashboard once logged out from the current session. \ No newline at end of file +--- \ No newline at end of file