This article explains how to set up SAML integration with Okta. To enable logging with Okta, follow the instructions below:
1. In Okta app, go to: Applications → Create App Integration
2. Select SAML 2.0 as the Sign-in method and click Next
3. On the General Settings tab, enter the Calamari name and upload the logo, and then click Next
4. To complete the next step, you need to copy some information from your Calamari account. Log in to Calamari as Admin and go to the Configuration → SAML → Configure.
Copy the Assertion Consumer Service (ACS) URL and paste it into the Single sign on URL field in Okta.
Copy the Entity ID / Audience URI and paste it into the Audience URI (SP Entity ID) field in Okta.
5. Change the Name ID format to “EmailAddress”.
If the usernames in Okta are not the same as the email addresses of Calamari users, you must change the field Application username to "Email".
For SSO to work, email addresses in Okta have to match the email addresses of users registered in Calamari.
Once you have made all the necessary settings, click Next
6. In the Feedback tab, select “I’m an Okta customer adding an internal app” and click the Finish button.
7. In the next step, you need to assign users in Okta to the Calamari app. Click the Assignments tab and then the Assign button to add People or Groups
8. To complete the integration setup, click on the Sign on tab. Scroll down to the View SAML setup instructions button and click to see more details.
On the new browser tab, you will find the details that you need to copy and paste to Calamari
9. Go back to your Calamari App: Configuration → SAML → Configure and turn the integration on.
You should fill in the following fields:
In the SAML SSO URL paste the Identity Provider Single Sign-On URL value from Okta
In Issuer Entity ID paste the Identity Provider Issuer value
For Public certificate, paste X.509 Certificate
10. We’re all set! Now, you may want to set up additional features:
you can turn on forcing the authentication - this feature requires users to re-enter their login credentials
you can customize the sign in button label (custom button name that will be displayed on the Calamari login page)