Skip to main content

Configure Okta SAML SSO

Prerequisites

To set up Okta SAML SSO in DronaHQ, you will need:

  1. An Okta account with permissions to create an SAML integration Application.
  2. Manage Users access on self-hosted DronaHQ instance or DronaHQ Cloud to configure SSO configurations.

Configure in OKTA

  1. Navigate to the OKTA dashboard, Go to Admin section. From the left side menu, go to Applications -> Applications.
Navigate to Application
Navigate to Application

  1. Download and open DronaHQ metadata file. To locate this file, Go to DronaHQ -> Manage Users -> SSO CONFIGURATION -> + Add SSO -> SAML 2.0. Under Entity ID and Metadata URL, open this url file that will be useful in next steps.

  2. Select Create App Integration and configure the app with below field options -

FieldDescription
Sign-on methodSAML 2.0
App Integration NameGive a suitable name to your application. Eg - DronaHQ OKTA SSO.
Logo(optional) you can provide a logo for your app.
Single sign-on URLIt is the location where SAML assertion is sent with an HTTP POST, known as SAML Assertion Consumer Service URL. Locate this in the Metadata downloaded and paste it here. Ex - https://studio.dronahq.com/callback/saml
Audience URLThis, we have to fill with entity ID present in the same Metadata downloaded file. Copy and paste the same. Ex - https://studio.dronahq.com/saml/metadata
Attribute StatementsThis is an important part where will provide two attributes of name and email with values user.firstname and user.email respectively. You can add other user attributes such as location, department, etc. that you can configure in DronaHQ in next steps
Attribute Statements
Attribute Statements
SAML App Setup
SAML App Setup
  1. Click Next. Fill in the feedback form and then finish.

Assign Users

Here we can add all the people related to the organization for the SAML SSO configuration.

Assignment
Assignment
  1. Go to Assignments -> Assign -> Assign to people -> Click assign for the user -> Done.
Assign Users
Assign Users

Now that we have created our application on Okta for SAML, we will now configure SAML SSO on DronaHQ.

Configure in DronaHQ

In order to configure SAML in DronaHQ, we will need metadata file of OKTA. To get this file from OKTA, Go to Okta SAML integration and under Sign on there is SAML Signing Certificates.

Here we can find all the available active/inactive certificate along with the option to create a new certificate.

Click on Actions -> View IdP Metadata of an active certificate and it will open up a tab with metadata details.

View OKTA Metadata file
View OKTA Metadata file

In the same screen, Click on Actions -> Download certificate and it will download .cer file that you can keep it for later use.

OKTA Metadata file
OKTA Metadata file
  1. Now that we have metadata file, In DronaHQ, Go to Manage Users -> SSO Configuration -> + ADD SSO -> SAML 2.0

Enter form with below fields -

FieldDescription
NameProvide Friendly Name of this SSO configuration
Entity IDThe entity ID is present on Okta metadata file. Copy the ID and paste it.
Login URL / SSO URLEnter the details of location of singlesignonservice from Okta metadata file for POST method.
X509 public certificateX509Certificate file in .cer format. This file we have downloaded from OKTA in previous step can be used here.
Binding typeEnter HTTP POST.
Restricted DomainEnter domain name for which you want your users to login with for this SSO Configuration. You can add multiple domain names as well. eg - domain1.com , domain2.com. DronaHQ will automatically redirect to SSO url when we encounter any user’s sign in request with an email id belonging to the given restricted domain.
Want Auth request signedKeep this default setting as False.
Add Claim ListWe have already assigned Email and Name on Okta while integrating SAML. We will now enter same key name - email and name and map it to DHQ User Name and DHQ User Email respectively.
Enable JIT user provisioningToggle this ON so that you won’t have to manually invite each user to DronaHQ first.
Enable SCIM User ProvisioningEnable this in case you want to create, update and deactivate User accounts at your OKTA portal and sync it with DronaHQ user management.
  1. Save the draft. Again navigate back to the SSO configuration option. You can see the newly created SAML.
SAML in Draft state
SAML in Draft state
  1. You can click on Test SSO button and it will open SSO Login url in a popup window.
SAML Signin URL
SAML Signin URL
  1. Once you login successfully and if everything is set up correctly, then finally you will see a success message at the bottom.
SAML Signin Success
SAML Signin Success
  1. Now, that testing is successful, you can click on the more option for above SSO configuration and click on Activate to make it live.
SAML SSO Active
SAML SSO Active

OKTA SAML in Action

Now, since our OKTA SAML SSO is live, we check in either DronaHQ End user portal - Web, Android or iOS and see our configured okta saml sso in action.

Simply go to DronaHQ End user webapp and enter your email id with domain that matches the configured restricted domain specified in SSO configuration and Click Continue.

SAML in WebApp
SAML in WebApp

Instead of asking for password, it asks for Login via Okta SAML SSO provider. Click on it and open a popup window of okta and the user can login with Okta login credentials.

Go to Manage User section on DronaHQ and you will see the new user created since JIT was enabled.

Last updated on