Okta SAML Setup
This page provides instructions for setting up Okta’s SAML authentication provider with Squirro.
How to Set Up the Application in Okta
Log in to the Okta developer console
Switch the view to Classic UI
Click Applications
Click Create New App
Set Platform to Web
Set Sign on method to SAML 2.0
Click Next
Enter a name.
Set the Single Sign On URL to https://SQUIRRO/sso/callback (URL of your Squirro installation plus the path /sso/callback)
Set the Entity ID as https://sso.squirro.com/o/saml2/entity
Set the application username to Email
Leave other settings as is
Finish the setup and under the Sign On tab, select View Setup Instructions for SAML 2.0
Click on Download certificate
Copy the IDP Metadata to a file on your machine
On the Assignments tab, add the people or groups who should have access to Squirro
Configuring SAML Metadata
To configure SAML Single Sign-On with the federation metadata file, follow the steps below:
Open your Squirro project.
Go to the Server space.
Select Single Sign-On (SAML) in the left navigation menu.
Click the orange plus icon to create a new SSO.
Fill out the form, including the following information:
Domain: *
Enabled: Check
Metadata file: upload the IDP Metadata file downloaded earlier
Certificate: upload the certificate file downloaded earlier
User group: Select a user group to be assigned to all SSO users
Enabling SSO
For security reasons, the final configuration needs to be done directly on the server.
Log in to the server using SSH or a similar means and edit the file /etc/squirro/frontend.ini. Then append the following lines at the end:
[security]
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth
Reducing HTTP Session
By default, Squirro keeps user sessions for 30 days, and they survive browser restarts. In a Single Sign-On environment, this should be changed to expire sessions more aggressively. See Reducing Session Lifetime for information.