Artifactory's SAML SSO system supports Okta. The process to integrate the login provider with Artifactory can be found below: In Okta: 1. Log in to Okta as a user with administrator privileges (Admin panel) 2. Click on Applications > Applications3. Click on Create App Integration > SAML 2.0:
4. Fill in the App name: <desired_app_name>, click Next 5. In Configure SAML - Fill in the following:
- Single Sign-On URL for Artifactory 6.X version:
https://${ARTIFACTORY_URL}/webapp/saml/loginResponse
(e.g. https://yourcompany.jfrog.io/yourcompany/webapp/saml/loginResponse) - Single Sign-On URL for Artifactory 7.X version (lower than 7.83.1):
https://${ARTIFACTORY_URL}/ui/api/v1/auth/saml/loginResponse
(e.g. https://yourcompany.jfrog.io/ui/api/v1/auth/saml/loginResponse) - Single Sign-On URL for Artifactory 7.83.1 version and higher:
https://${ARTIFACTORY_URL}/ui/api/v1/auth/saml/loginResponse/<SAML_DISPLAY_NAME>
(e.g. https://yourcompany.jfrog.io/ui/api/v1/auth/saml/loginResponse/okta-production) - Audience URI (SP Entity ID):
https://${ARTIFACTORY_URL}
(e.g. https://yourcompany.jfrog.io/yourcompany) - Name ID Format:
Unspecified - Application username:
Okta username
Note: If you’d like Okta to log on to Artifactory using the username part of a user's email address (i.e. "admin" from "admin@company.com"), choose Custom instead of Okta username. Add this string into the Custom Rule:
String.substringBefore(user.email, "@") - Update application username on:
Leave as “Create and update”
6. Click Next and then click Finish You should be directed into your newly created app (if not - you can click on it in Applications > Applications) 7. Click on Sign On tab
8. On the right side you need to click on View SAML setup instructions
9. Copy the data from the text boxes that appear, paste them in Artifactory's SAML settings 10. Sign out URL can be found on Sign On tab > More details
Once clicked - it would expand and show the Sign out URL
In Artifactory: 1. Log in as a user with Admin privileges 2. Click on the Administrator tab 3. Click on Authentication (in the left-hand side menu) 4. Click on SAML SSO (in the left-hand side menu) 5. Fill out the different fields in the Artifactory UI, refer to this table of what items go where :
|
Okta |
Artifactory |
|
Identity Provider Single Sign-On URL |
SAML Login URL |
|
https://<Account_Name>.okta.com |
SAML Logout URL |
|
Identity Provider Issuer |
SAML Service Provider Name |
|
X.509 Certificate |
SAML Certificate |
6. Click Save 7. Logout from Artifactory and go to the Login page 8. Click SSO LoginNoteFor all users that you create in Okta, don't forget to assign them as users in Artifactory, as well. Additional information about Group Sync (for Artifactory versions 5.3.0 and above), can be found here.