How to Configure an Artifactory SAML SSO with Okta

How to Configure an Artifactory SAML SSO with Okta
AuthorFullName__c
Fadi Rouhana
articleNumber
000001509
ft:sourceType
Salesforce
FirstPublishedDate
2016-10-06T13:35:51Z
lastModifiedDate
2025-02-16
VersionNumber
14

Artifactory's SAML SSO system supports Okta.
The process to integrate the login provider with Artifactory can be found below:

In Okta:
1] Log in to Okta as a user with administrator privileges

2] Click on Add Application > Create New App > SAML 2.0:

User-added image 


User-added image


3] Fill in the App name: <desired_app_name>, click Next

4] Go to SAML Settings 

User-added image

 

Fill in the following
  • Single Sign-On URL for Artifactory 6.X version:
    https://${ARTIFACTORY_URL}/webapp/saml/loginResponse
    (e.g. https://yourcompany.jfrog.io/yourcompany/webapp/saml/loginResponse)
  • Single Sign-On URL for Artifactory 7.X version:
    https://${ARTIFACTORY_URL}/ui/api/v1/auth/saml/loginResponse 
    (e.g. https://yourcompany.jfrog.io/ui/api/v1/auth/saml/loginResponse)
  • Audience URI (SP Entity ID):
    https://${ARTIFACTORY_URL}
    (e.g. https://yourcompany.jfrog.io/yourcompany)
  • Name ID Format:
    Unspecified
  • Application username:
    Okta username
    Note: If you’d like Okta to log on to Artifactory using the username part of a user's email address (i.e. "admin" from "admin@company.com"), choose Custom instead of Okta username. Add this string into the Custom Rule:
    String.substringBefore(user.email, "@")

User-added image 

5] Click Next and then click Finish
    A SAML 2.0 frame will appear under the Settings frame

6] Click View Setup Instructions

7] Copy the data from the text boxes that appear, paste them in Artifactory's SAML settings

In Artifactory:
1] Log in as a user with administrator privileges

2] Click on the Admin tab

3] Click on Security (in the left-hand side menu)

4] Click on SAML Integration (in the left-hand side menu)

5] Fill out the different fields into the Artifactory UI, refer to this table of what items go where :
 

Okta

Artifactory

Identity Provider Single Sign-On URL

SAML Login URL

https://<Account_Name>.okta.com

SAML Logout URL

Identity Provider Issuer

SAML Service Provider Name

X.509 Certificate

SAML Certificate


7] Click Save

8] Logout from Artifactory and go to the Login page

9] Click SSO Login

Note: For all users that you create in Okta, don't forget to assign them as users in Artifactory, as well.

Additional information about Group Sync (for Artifactory versions 5.3.0 and above), can be found HERE.