DronaHQ Studio offers an SSO configuration option. If your organization already has its own IdP (Identity Provider) for sign-in and authentication, SSO lets every user reuse a single set of login credentials instead of keeping a separate DronaHQ password. In this article, we will configure SSO by adding SAML, using Okta, which provides authentication and authorization services for your applications, as the IdP.
Create SAML app on Okta
- Go to Okta, create an account, and then go to its admin section. On the dashboard, find Applications.
- Click on Create App Integration, select SAML 2.0, then finish.
We will go through three phases of integration. The first is General Settings; under this, provide the app name and logo, then continue.
Next, we will provide details for SAML Settings. Most of the values required here are available in DronaHQ Studio.
- Go to DronaHQ Studio > Manage users > SSO Configuration > ADD SAML. Copy the SAML Metadata Link and paste it in another tab. It will download a file; open this file in any editor.
Single sign-on URL: This is the location to which the SAML assertion is sent with an HTTP POST, known as the SAML Assertion Consumer Service (ACS) URL. Locate it in the downloaded metadata and paste it here.
Audience URL: Fill this with the entity ID present in the same downloaded file. Copy and paste it.
Keep the default values for the rest.
- Attribute Statements: This is an important part, where we will provide two attributes, name and email, with the values user.firstname and user.email respectively. You can add other user attributes, such as location, department, etc., that you can then configure in DronaHQ Studio.
- Click on next.
- Fill in the feedback form and then finish.
Here we can add all the people in the organization who should use the SAML SSO configuration.
- Go to Assignments > Assign > Assign to people > Click assign for the user > Done.
DronaHQ SAML Configuration
Now that we have created our SAML application on Okta, we will configure it in DronaHQ Studio. Most of the details required here are available on Okta.
Go to the Okta SAML integration; under Sign On there is Identity Provider Metadata. It contains the details required for the SAML configuration in DronaHQ Studio. Click on it and it will open a tab with the metadata.
- Go to DronaHQ Studio > Manage users > SSO Configuration > ADD SAML.
Name: Give a proper name, related to the organization, for the SAML login integration.
Entity ID: The entity ID is present in the Okta metadata. Copy and paste it.
Login URL / SSO URL: Copy and paste the Location of the SingleSignOnService entry for the HTTP-POST binding from the metadata.
Certificate File: Copy the certificate from the metadata, go to SAML TOOL, paste it there and format the certificate.
Copy the formatted certificate and save it as a file with the .cer extension. Upload the file in Studio under the Certificate File section.
Binding type: Choose HTTP POST, since that is the binding supported for SAML here.
Restricted Domain: Provide the login domain whose users should be added; users from other domains are restricted. This also tells DronaHQ which domain's users should be redirected to your SSO login page.
Add claim list: Since we already assigned Email and Name as attributes on Okta while integrating SAML, add email and name here.
Enable JIT: Just-in-time (JIT) user provisioning lets DronaHQ create user accounts when users sign in via SAML/OAuth for the first time, so you won't have to manually invite each user to DronaHQ first.
- Click on Save to draft and it will be ready.
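Both halves of this setup come down to reading values out of SAML metadata XML: the SP metadata from the SAML Metadata Link gives Okta its Single sign-on (ACS) URL and Audience entity ID, and Okta's Identity Provider Metadata gives DronaHQ Studio its Entity ID, the HTTP-POST Login URL and the signing certificate, which has to be re-wrapped into a PEM .cer file. The script below is an added example written for this article, not DronaHQ's or Okta's own code; the two metadata documents in it are constructed samples with placeholder hostnames and a placeholder certificate body, and the functions `sp_values`, `idp_values` and `to_pem` are names chosen here. It does the same extraction and certificate formatting the article does by hand, and refuses metadata that lacks an HTTP-POST binding or a signing certificate, which are the two omissions that most often produce a silently broken SSO test.

```python
"""Pull the SSO configuration values out of SAML metadata.

Added example for this article; it is not DronaHQ's or Okta's code. The two
metadata documents are constructed samples with placeholder hostnames and a
placeholder certificate body, shaped like what the SAML Metadata Link (SP
side) and Okta's Identity Provider Metadata (IdP side) give you.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed SP metadata: the file the SAML Metadata Link downloads.
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed placeholder: valid base64, but not a real X.509 certificate.
PLACEHOLDER_CERT_B64 = base64.b64encode(
    b"constructed placeholder, not a real certificate " * 4).decode()

# Constructed IdP metadata, shaped like Okta's Identity Provider Metadata.
IDP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://www.okta.example.test/exkPLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{PLACEHOLDER_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{HTTP_REDIRECT}"
        Location="https://okta.example.test/app/sso/saml"/>
    <md:SingleSignOnService Binding="{HTTP_POST}"
        Location="https://okta.example.test/app/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def to_pem(b64_body):
    """Re-wrap the raw base64 blob from metadata as a PEM certificate (.cer)."""
    body = "".join(b64_body.split())          # metadata often line-wraps the blob
    base64.b64decode(body, validate=True)     # reject anything that is not base64
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def sp_values(xml_text):
    """Values Okta asks for: Single sign-on (ACS) URL and Audience entity ID."""
    root = ET.fromstring(xml_text)
    acs = [e.get("Location")
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
           if e.get("Binding") == HTTP_POST]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService in SP metadata")
    return {"entity_id": root.get("entityID"), "acs_url": acs[0]}


def idp_values(xml_text):
    """Values DronaHQ asks for: Entity ID, HTTP-POST Login URL, signing cert as PEM."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    if HTTP_POST not in sso:
        raise ValueError("IdP offers no HTTP-POST SingleSignOnService binding")
    cert_b64 = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):   # no 'use' means signing and encryption
            c = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if c is not None and c.text:
                cert_b64 = c.text
                break
    if cert_b64 is None:
        raise ValueError("no signing certificate in IdP metadata")
    return {"entity_id": root.get("entityID"),
            "sso_url": sso[HTTP_POST],
            "certificate_pem": to_pem(cert_b64)}


def main():
    sp = sp_values(SP_METADATA)
    print("Okta   -> Single sign-on URL:", sp["acs_url"])
    print("Okta   -> Audience URL:      ", sp["entity_id"])
    idp = idp_values(IDP_METADATA)
    print("Studio -> Entity ID:         ", idp["entity_id"])
    print("Studio -> Login URL (POST):  ", idp["sso_url"])
    print("Studio -> Certificate File:\n" + idp["certificate_pem"])


if __name__ == "__main__":
    main()
```

Run it against the real files by replacing the two constructed strings with the downloaded metadata; the printed PEM block is what goes into the .cer file, and a ValueError means the metadata is missing something the DronaHQ form expects, so the problem is on the metadata side rather than in the Studio configuration.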
Test SAML configuration
Click on Test SSO beside your configured SAML. It will open up a pop-up window.
Login with Okta credentials and click on Sign In.
If the integration is correct and the SSO test succeeds, it will show the message "SSO Login working successfully" at the bottom.
Activate SAML Configuration
Click on the menu icon beside the SAML integration and then choose Activate.
NOTE: Only one SSO configuration can be active at a time, so make sure to deactivate others before activating your own configuration.
SAML in action
Now we will check whether SAML works during login.
Simply go to the DronaHQ web app login and fill in an email address on the domain we configured earlier.
Instead of asking for a password, it will show Login via IDP. Click on it and a pop-up window for Okta will open, where the user can log in with their Okta credentials.
Go to the Manage users section; the newly added user will be visible there after a successful login via the IdP.