SAML SSO Configuration with Okta

JFrog Platform Administration Documentation

Content Type
Administration / Platform
ft:sourceType
Paligo

WebUI Changes implemented in Artifactory 7.38.x and above

Security is now called Authentication Providers. All the relevant text and images on this page have been updated to reflect this change.

This procedure describes how to configure Artifactory SAML SSO with Okta.

To use SAML SSO with Okta:

  1. Log in to Okta with administrator privileges.

  2. In the Administration module, select Add Application | Create New App | SAML 2.0.

    2021-06-07_14-14-28.png
  3. Enter the App name:<desired_app_name>, and click Next.

  4. In the SAML Settings enter the following:

    • Single Sign-On URL for Artifactory 6.X version.

      https://${ARTIFACTORY_URL}/artifactory/webapp/saml/loginResponse

      Example

      https://yourcompany.jfrog.io/artifactory/webapp/saml/loginResponse
    • Single Sign-On URL for Artifactory 7.x version.

      https://${ARTIFACTORY_URL}/ui/api/v1/auth/saml/loginResponse

      Example

      https://yourcompany.jfrog.io/ui/api/v1/auth/saml/loginResponse
    • Audience URI (SP Entity ID).

      https://${ARTIFACTORY_URL}

      Example

      https://yourcompany.jfrog.io/
    • Name ID Format: Unspecified

    • Application username: Okta username

      image (45).png

      Note

      You can log into Artifactory with Okta by using the username of a user's email address (i.e. "admin" from "admin@ company.com"). Choose Custom instead of Okta username and add String.substringBefore(user.email, "@") into the Custom Rule.

  5. Click Next and then click Finish. A SAML 2.0 frame is displayed under the Settings frame.

  6. Click View Setup Instructions.

  7. Copy the data from the text boxes and paste them in Artifactory's SAML SSO settings.

To use SAML SSO with Artifactory.

  1. Log into Artifactory with administrator privileges.

  2. From Administration | Authentication | SAML Integration define the fields as below.

    Okta

    Artifactory

    Identity Provider Single Sign-On URL

    SAML Login URL

    https://<Account_Name>. okta.com

    SAML Logout URL

    Identity Provider Issuer

    SAML Service Provider Name

    X.509 Certificate

    SAML Certificate

  3. Click Save.

  4. Logout from Artifactory and go to the Login page.

  5. Click SSO Login.

Note

Okta users need to be assigned with permissions for Artifactory. For more information see Group Sync (for Artifactory versions 5.3.0 and above.