Single Sign On support is a feature only available on the Enterprise plan. Reach out to your Customer Success Manager (CSM) if you would like to have this functionality enabled for your account.
The pre-built Detectify app for Okta is the fastest way to set up the connector. If it does not work for you for any reason (e.g. you use a script that modifies the Okta attributes that we extract the information from), the steps below show how to set up a custom solution.
A step-by-step guide on how to configure SAML 2.0 using Okta:
All screenshots were taken from the Okta Classic UI.
1. Log in to your Okta account
2. Navigate to “Applications” and choose “Add Application” -> “Create New App”
3. Choose “SAML 2.0”
4. Choose the name of the app and click on “Next”
5. Fill in the required information under SAML Settings:
Single Sign On URL & Entity ID - reach out to your CSM to receive them
User.Email Value: user.email
User.FirstName Value: user.firstName
User.LastName Value: user.lastName
Specifying “detectify” in the Teams group attribute works as a filter that allows you to send over only those groups that start with “detectify” (we’ll talk about groups later on in this article)
6. In the next view, click on “I'm a software vendor. I'd like to integrate my app with Okta”
Once you’ve done this, it’s time to send us some information so that we can configure your account.
Navigate to the “Sign On” Tab -> “View Setup Instructions”
Extract the following information:
- SAML issuer ID
- Single sign-on URL
- X.509 Certificate or similar
Send over this information to your Customer Success Manager.
Go to Groups and add the following ones:
Every group whose name starts with “detectify” will be sent over to us as a group attribute with your login request. You will join the corresponding teams with the specified permission levels, provided that the teams are part of your company's Detectify account.
“Guest”, “user” and “admin” are the different permission levels. You can read more about the admin/user/guest permissions in our KB article here.
TEAM-IDENTIFIER could be your team name (make sure you spell it in the same way as in your account, spaces included) or an immutable team token provided by us.
* or empty string will affect ALL teams accessible for the SAML connection.
Example: detectify-user-* will give all users that join using SAML user-access to all teams.
Please remember that changing the team name will block access.
Assign members to each group:
If the user is added to groups that contain a team token or team name with different permission levels for the same team, the one offering the highest permissions will be selected:
= the user will join TeamA with admin credentials
More specific names will always have priority over wildcards:
= the user will join TeamA with user credentials
6. You're done!
There is no need to add the groups that you have just created (step 4) to your Detectify app since, as specified in your SAML Settings, we will listen to all the groups whose names start with “detectify”:
You’re good to go ahead and sign up via your Single Sign On URL. If everything went well, from then on you will be able to log in by going to https://detectify.com/login and choosing the Single Sign On option.
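To review which permissions a set of Okta groups will actually grant before assigning members, the group precedence rules above can be modelled as follows. This is an added example, not Detectify's own code; it assumes group names follow the form detectify-<level>-<TEAM-IDENTIFIER> (inferred from the "detectify-user-*" example), and the team and user names are constructed.

```python
# Added example: models the group precedence rules described in this article.
# ASSUMPTION: group names look like detectify-<level>-<TEAM-IDENTIFIER>,
# inferred from the article's "detectify-user-*" example.
RANK = {"guest": 0, "user": 1, "admin": 2}


def parse_group(name):
    """Return (level, team_identifier), or None if the group does not apply."""
    parts = name.split("-", 2)  # team names may themselves contain "-"
    if len(parts) < 2 or parts[0] != "detectify" or parts[1] not in RANK:
        return None
    # ASSUMPTION: a missing identifier is treated like the empty string.
    return parts[1], (parts[2] if len(parts) == 3 else "")


def resolve(groups, account_teams):
    """Map each team in the account to the level the user would join with."""
    specific, wildcard = {}, None
    for name in groups:
        parsed = parse_group(name)
        if parsed is None:
            continue
        level, team = parsed
        if team in ("*", ""):  # "*" or empty string affects ALL teams
            if wildcard is None or RANK[level] > RANK[wildcard]:
                wildcard = level
        elif team in account_teams:  # exact spelling, spaces included
            if team not in specific or RANK[level] > RANK[specific[team]]:
                specific[team] = level  # highest level wins for the same team
    # A specific team name always has priority over a wildcard group.
    resolved = {t: specific.get(t, wildcard) for t in account_teams}
    return {t: lvl for t, lvl in resolved.items() if lvl is not None}


if __name__ == "__main__":
    teams = ["TeamA", "Team B"]  # constructed team names
    assignments = {  # constructed user -> Okta group memberships
        "alice": ["detectify-user-TeamA", "detectify-admin-TeamA"],
        "bob": ["detectify-admin-*", "detectify-user-TeamA", "Everyone"],
        "carol": ["detectify-guest-teama"],  # wrong spelling: no access
    }
    for user, groups in assignments.items():
        access = resolve(groups, teams)
        broad = all(access.get(t) == "admin" for t in teams)
        print(user, access, "<- admin on every team" if broad else "")
```

Running it against an export of group memberships highlights wildcard groups that grant broader access than intended and misspelled team names that grant none.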