Okta, an Identity-as-a-Service (IDaaS) provider, supports authentication using Security Assertion Markup Language (SAML). You can use SAML as an authentication type on Appsmith and configure the setup to use Okta as an identity provider.
{% hint style="info" %} Security Assertion Markup Language (SAML) is available only in the enterprise edition for self-hosted instances, and only the Superuser of your Appsmith Instance can set up SAML. {% endhint %}
Log in to your Okta Developer Account, navigate to Applications >> Applications, and click Create App Integration.
{% embed url="https://youtu.be/4Tj2OEV-r10" %} How to create an app integration? {% endembed %}
- Choose SAML as the Sign-in method and click Next.
- Use this screen to configure a meaningful name and logo for your application, and click Next.
- On the next screen, provide details as per the below mapping table, and then click Next.
- On the next screen, select details as per the below mapping table, and click Finish.
Field Appsmith SAML Configuration | Field Okta SAML Configuration |
---|---|
Redirect URL | Single sign-on URL |
Entity URL | Audience URI (SP Entity ID) |
Name ID Format | Select Email Address |
Application Username |
You’ll see that the app integration is created on Okta. Navigate to Appsmith to configure the SAML fields and complete the configuration.
To complete the SAML setup, you’ll have to register Okta as a provider on the Appsmith platform. Follow the instructions listed below to complete this step:
There are several ways to register the identity provider on Appsmith and complete the SAML Configuration. Follow the one that best suits you:
SAML metadata is an XML document that provides the information required to interact with a SAML-enabled identity or service provider. The Metadata URL is the URL at which that metadata document is hosted on a remote server.
{% hint style="info" %} Metadata URL is the quickest and most recommended way to set up SAML. {% endhint %}
- Navigate to Applications >> Applications >> Application Name (SAMLAppsmithIntegration) >> Click on tab Sign On >> Scroll down to SAML configuration instructions >> Click Identity Provider Metadata link to open the metadata in a browser tab >> Copy the URL from the address bar.
- Navigate to Appsmith, add the Metadata URL, and click the SAVE & RESTART button to save the configuration.
If you don’t have a Metadata URL but have a raw SAML metadata XML document, you can choose XML to configure SAML.
- Navigate to Appsmith, click XML, add the raw XML in the Metadata XML field, and click the SAVE & RESTART button to save the configuration.
You can also configure SAML by providing the identity provider (IdP) data. If you have the identity provider’s data, such as the X509 Public Certificate, Email, and more, you can choose this option to configure SAML.
- Navigate to Applications >> Applications >> Application Name (SAMLAppsmithIntegration) >> Click on tab Sign On >> Scroll down to SAML 2.0 >> Click View Setup Instructions
- The Setup Instructions screen opens up in a new browser tab. Add the content of the tags as per the below mapping table on the Appsmith platform:
Appsmith Field Name | Metadata XML Tag |
---|---|
Entity ID | Identity Provider Issuer |
Single Sign On URL | Identity Provider Single Sign-On URL |
X509 Public Certificate | X.509 Certificate |
| | `<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>` |
Once you have supplied the details, click the SAVE & RESTART button to save the configuration.
Once the server restarts with new configurations, you will see a screen showing the message ‘Authentication Successful!’.
You’ll see a login screen with a button SIGN IN WITH SAML SSO.