Okta

Set up SSO with Okta

Requirements

  • Your organization uses Okta for authentication.
  • You have an Admin role.

Just-in-Time (JIT) Provision

With SAML integration, once a user is created on your end (optionally included in a group that has access to Kubit), that user can log in to Kubit immediately. The user profile information will also be automatically updated at every login time.

When a user is deleted/deactivated on your end, they will lose access to Kubit immediately too. There is no offline communication required.

Configure SAML application

1. Create a SAML application

  1. Navigate to the Okta admin portal.

  2. Click on Applications under the Applications tab.

  3. On the Applications screen click on Create App Integration button.

  4. On the Create a new app integration screen select SAML 2.0.

2. Configure app details

  1. On the step 1. General Settings use Kubit SAML as App name.
  2. Download the Kubit logo from the provided Logo URL and upload it as App logo.
    Check the Do not display application icon to users.

  1. On the next step 2. Configure SAML use the provided ACS URL as Single sign-on URL and Entity ID as Audience URI (SP Entity ID).

3. Attributes mapping

  1. On the same screen map Attribute Statements as follows:

    NameValue
    emailuser.email
    nameString.join(" ", user.firstName, user.lastName)
    given_nameuser.firstName
    family_nameuser.lastName
    picture‍‍user.profileUrl


  2. (Optional) On the same screen map Group Attribute Statements as follows:

NameFilter
groupsMatches regex: (group1|group2|group3)

📘

Roles and Permissions

You can manage permissions on the Kubit platform using your IdP groups by mapping the groups attribute. This step is mandatory for utilizing groups for permission management within the Kubit platform.

  1. You can skip the next screen 3. Feedback.

4. Share metadata URL with Kubit

Once the app is created copy the Metadata URL and share it with Kubit Team.


5. Create Bookmark app

Navigate back to the Applications screen.

  1. Click on Browse App Catalog and search for Bookmark App. While on the Bookmark App page click on + Add Integration button.


  1. On the Add Bookmark App screen use Kubit as Application label. Use the provided Login URL as URL. Leave Do not display application icon to users unchecked.
  1. Once the Bookmark App is created download the Kubit logo from the provided Logo URL and upload it.

6. Test

Once configured properly on both sides, please work with the Kubit Team to test the integration. You will be provided a test URL.

7. Open Access

📘

Assignments

Make sure to assign groups to both Kubit SAML and Kubit apps.

Assign Kubit App to specific users

Reference

Auth0: SAML IdP Configuration Settings