Okta SAML
Log in to Zluri through Okta
To enable clients to log in to Zluri through Okta, you'll need to set up SAML.
Configuration steps
Select domains allowed for SSO in Zluri
In Zluri, navigate to Settings → SSO and select the domains allowed for SSO login. Click Save when done.
If your domain is not listed, you can add it from Settings → Directory Management.
Configure SAML in Okta
-
Go to your Okta Admin Console.
-
In the Admin Console, go to Applications → Applications.
-
Click Create App Integration.
-
Select SAML 2.0.
-
Click Next.
-
In General settings, enter an app name, e.g., Zluri SAML.
-
Click Next.
-
In SAML Settings, configure the following:
-
Single sign-on URL and audience URI from SSO Settings
-
Single sign-on URL = ACS URL
-
Audience URI = SP Entity ID)
-
-
- Attribute Statements:
- Name: email
- Name format: unspecified
- Value: user.email
- Click Next.
- Select I'm an Okta customer adding an internal app and This is an internal app that we have created.
- Click Finish.
- In the Settings section of the Sign On tab, locate and click on View SAML setup instructions on the right side and copy the Identity Provider Single Sign-On URL:
- Download the certificate required to upload on the Zluri dashboard.
- Assign the app to all the users by clicking on assign to groups.
Configure sign in URL and signing certificate in Zluri
In Zluri's SSO Settings, enter the sign-in URL you obtained in step 13, upload the certificate you downloaded in step 14, then click Save.
Finally, click Test connection to try logging in with your Okta credentials. If you can log in successfully, then it works. Next time any user of your organization tries to log in they will be redirected to the Okta login page.
Editing an existing SAML setup
Rotate SAML certificates
X.509 certificates have a defined lifetime (e.g., in Google Workspace, it has a validity of 5 years). You should rotate a certificate if it's about to expire or if it becomes compromised.
If a certificate expires before you rotate it, your users won’t be able to use SSO to sign in to any SAML applications that use that certificate until you replace it with a new certificate.
To rotate the certificate:
- Open the SAML app in your SSO, navigate to the certificate page, and recreate it.
- Once you get the new certificate, please upload it to the Zluri platform.
Save the connection, and you can continue to use the SAML connection as configured.
Add/remove SAML domains
To add or remove SAML domains, go to SSO Settings, select/deselect the domains that you want to configure for SAML, then click Save.
Got questions? Feel free to submit a ticket or contact us directly at [email protected].
Updated 2 months ago