Okta (SAML On-Prem)
Review SAML (On-Prem) before you begin.
Configure Sysdig Monitor and/or Sysdig Secure as a SAML application using Okta’s documentation for Setting Up a SAML Application in Okta. The notes below call out specific steps that require additional action.
Sysdig-Specific Steps for Okta Configuration
IDP-Initiated Login Flow
If you don’t intend to configure IDP-initiated login flow, check the boxes for “Do not display application icon to users” and “Do not display application icon in the Okta Mobile app”.
SSO, URI, and RelayState Values
Enter the values shown in the table below, replacing HOSTNAME with the hostname through which your users access the Sysdig application(s) and PORT with the TCP port number (typically 443).
To configure IDP-initiated login flow, replace CUSTOMER-ID-NUMBER with the number retrieved as described in Find Your Customer Number. (Normally the Customer ID will be 1 in on-prem installations.)
Setting | Value for Sysdig Monitor | Value for Sysdig Secure |
---|---|---|
Single sign on URL | | |
Audience URI (SP Entity ID) | | |
Default RelayState (optional - only configure if you intend to use IDP-initiated login flow) | | |
You must include the port number in the IDP-side configuration, even though port 443 is the typical default for https:// URLs.
Email and Name Values
Instead of those shown in the Okta example, add these values:
Name | Value |
---|---|
email | user.email |
first name | user.firstName |
last name | user.lastName |
Note that the attribute names are case sensitive, so enter them exactly as shown.
Only email is required. However, including first name and last name is recommended, since these values are stored in the records created in the Sysdig platform's database when new users successfully log in via SAML for the first time.
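Because the attribute names are case sensitive, a mapping that looks right in the Okta UI (for example `Email` instead of `email`) silently produces an assertion Sysdig cannot use. The following script is an added example, not part of the Sysdig documentation or product: it parses the AttributeStatement of a SAML assertion (a constructed sample is embedded; in practice you would paste the decoded SAMLResponse captured from a browser's SAML tracer) and reports missing names and names that differ only by case. The expected attribute names come from the table above; everything else is assumed for the example.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace: AttributeStatement and Attribute live here.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names exactly as the Sysdig docs specify them for the Okta mapping.
REQUIRED_ATTRS = {"email"}
RECOMMENDED_ATTRS = {"first name", "last name"}
EXPECTED_ATTRS = REQUIRED_ATTRS | RECOMMENDED_ATTRS


def extract_attributes(assertion_xml: bytes) -> dict:
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = values
    return attrs


def check_attribute_mapping(assertion_xml: bytes) -> dict:
    """Compare the attribute names the IdP sent against what Sysdig expects."""
    present = set(extract_attributes(assertion_xml))
    by_lowercase = {name.lower(): name for name in EXPECTED_ATTRS}
    # Names that differ from an expected name only by case look correct in the
    # Okta UI but will not be picked up, so they are flagged separately.
    case_mismatches = sorted(
        name for name in present
        if name not in EXPECTED_ATTRS and name.lower() in by_lowercase
    )
    missing_required = sorted(REQUIRED_ATTRS - present)
    missing_recommended = sorted(RECOMMENDED_ATTRS - present)
    return {
        "ok": not missing_required,
        "missing_required": missing_required,
        "missing_recommended": missing_recommended,
        "case_mismatches": case_mismatches,
    }


# Constructed sample assertion fragment (not a real Okta response): the email
# attribute was entered as "Email", and "last name" was left out of the mapping.
SAMPLE_ASSERTION = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="first name">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_attribute_mapping(SAMPLE_ASSERTION))
```

Run it against the constructed sample and it reports `email` missing, `Email` as a case mismatch, and `last name` as a missing recommended attribute; a correctly configured mapping returns `ok: True` with empty lists.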
URL Metadata Value
Copy the metadata URL and paste it into the Metadata entry on the SAML Configuration page in the SAML connection settings.
Test Metadata (Optional)
To ensure the metadata URL you copy at the end of the IDP configuration procedure is correct, you can test it by directly accessing it via your browser.
When accessing the URL, your browser should immediately download an XML file that begins similarly to the example shown below. No entry of credentials or other security measures should be required to successfully download it. If this is not the case, revisit the IDP configuration steps.
```xml
<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://app.onelogin.com/saml/metadata/680358">
  <IDPSSODescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    ...
```
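The browser test above only confirms that something downloads. The script below, an added example that is not part of the Sysdig documentation, performs the same unauthenticated fetch and then checks that the document really is identity-provider metadata: the root is an EntityDescriptor with an entityID, it contains an IDPSSODescriptor (not just an SPSSODescriptor), at least one SingleSignOnService endpoint, and a signing certificate the Sysdig side can use to verify assertions. A login page returned instead of XML fails the first check. The URLs and certificate in the embedded sample are constructed placeholders.

```python
import sys
import urllib.request
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}


def fetch_metadata(url: str, timeout: float = 10.0) -> bytes:
    """Plain GET with no credentials, mirroring the browser test in the docs."""
    req = urllib.request.Request(url, headers={"Accept": "application/xml"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        if resp.status != 200:
            raise RuntimeError(f"metadata URL returned HTTP {resp.status}")
        return resp.read()


def validate_metadata(xml_bytes: bytes) -> dict:
    """Check that the document is IdP metadata containing what an SP needs."""
    problems = []
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return {"ok": False, "problems": [f"not well-formed XML: {exc}"]}
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        # Typical when the URL serves an HTML login page instead of metadata.
        return {"ok": False,
                "problems": [f"root element is {root.tag}, expected EntityDescriptor"]}
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("EntityDescriptor has no entityID")
    sso_endpoints = []
    signing_certs = 0
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no IDPSSODescriptor: this is not identity-provider metadata")
    else:
        sso_endpoints = [(s.get("Binding"), s.get("Location"))
                         for s in idp.iterfind("md:SingleSignOnService", NS)]
        if not sso_endpoints:
            problems.append("IDPSSODescriptor has no SingleSignOnService endpoint")
        signing_certs = len(idp.findall(
            "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS))
        if signing_certs == 0:
            problems.append("no X509Certificate in KeyDescriptor "
                            "(assertion signatures cannot be verified)")
    return {"ok": not problems, "entity_id": entity_id,
            "sso_endpoints": sso_endpoints, "signing_certs": signing_certs,
            "problems": problems}


# Constructed sample IdP metadata: placeholder host, placeholder certificate.
SAMPLE_IDP_METADATA = b"""<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://idp.example.com/saml/metadata/PLACEHOLDER">
  <IDPSSODescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC-PLACEHOLDER-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://idp.example.com/saml/sso/PLACEHOLDER"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample of the wrong kind of metadata (a service provider's).
SAMPLE_SP_METADATA = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sp.example.com/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""

if __name__ == "__main__":
    # Usage: python check_metadata.py https://<your-idp>/metadata-url
    data = fetch_metadata(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_IDP_METADATA
    print(validate_metadata(data))
```

Pass the metadata URL from the Okta application as the first argument; with no argument the script validates the embedded sample. Any entry in `problems` means the IDP configuration steps should be revisited before pasting the URL into the Sysdig SAML settings.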