Okta SAML Setup
This page provides instructions for setting up Okta’s SAML authentication provider with Squirro.
How to Set Up the Application in Okta
Log in to the Okta developer console
Switch the view to Classic UI
Click Create New App
Set Platform to Web
Set Sign on method to SAML 2.0
Enter a name.
Set the Single Sign On URL to https://SQUIRRO/sso/callback (URL of your Squirro installation plus the path /sso/callback)
Set the Entity ID as
Set the application username to Email
Leave other settings as is
Finish the setup and under the Sign On tab, select View Setup Instructions for SAML 2.0
Click on Download certificate
Copy the IDP Metadata to a file on your machine
On the Assignments tab, add the people or groups who should have access to Squirro
Configuring SAML Metadata
To configure SAML Single Sign-On with the federation metadata file, follow the steps below:
Open your Squirro project.
Go to the Server space.
Select Single Sign-On (SAML) in the left navigation menu.
Click the orange plus icon to create a new SSO.
Fill out the form, including the following information:
Metadata file: upload the IDP Metadata file downloaded earlier
Certificate: upload the certificate file downloaded earlier
User group: Select a user group to be assigned to all SSO users
For security reasons, the final configuration needs to be done directly on the server.
Log in to the server using SSH or a similar means and edit the file /etc/squirro/frontend.ini. Then append the following lines at the end:
    [security]
    sso_enabled = true
    sso_endpoint = http://localhost:81/studio/extauth_saml/extauth
Reducing HTTP Session
By default Squirro will keep user sessions for 30 days, surviving browser restarts as well.
In a Single Sign-On environment, this should be changed so that the session expires once the user restarts the browser.
To do so, modify /etc/squirro/frontend.ini by adding the following lines:
    [frontend]
    session_permanent = false
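After both edits to /etc/squirro/frontend.ini (the [security] block and the [frontend] block), the file can be checked for drift with a short script. The following is an added example, not part of the Squirro documentation or product: the function name audit_frontend_ini and the finding texts are hypothetical, and it assumes the file parses as a standard INI file with Python's configparser. Treating a plain-HTTP endpoint on a non-loopback host as a finding is also an assumption of this example; the page itself only shows the localhost value.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the two snippets from this page in one file.
SAMPLE = """\
[security]
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth

[frontend]
session_permanent = false
"""

def _is_loopback(host):
    """True for 'localhost' or a loopback IP literal."""
    if not host or host.lower() == "localhost":
        return bool(host)
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_frontend_ini(text):
    """Return findings; an empty list means the file matches this page."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    findings = []
    try:
        if not cp.getboolean("security", "sso_enabled", fallback=False):
            findings.append("security.sso_enabled is not true")
    except ValueError:
        findings.append("security.sso_enabled is not a boolean")
    endpoint = urlsplit(cp.get("security", "sso_endpoint", fallback=""))
    if not endpoint.netloc:
        findings.append("security.sso_endpoint is missing")
    elif endpoint.scheme != "https" and not _is_loopback(endpoint.hostname):
        findings.append("security.sso_endpoint is plain HTTP to a non-loopback host")
    try:
        # Assumption: a missing key leaves the 30-day default in effect.
        if cp.getboolean("frontend", "session_permanent", fallback=True):
            findings.append("frontend.session_permanent is not false")
    except ValueError:
        findings.append("frontend.session_permanent is not a boolean")
    return findings

if __name__ == "__main__":
    print(audit_frontend_ini(SAMPLE) or "OK")
```

Because the parser is created with strict=False, a [security] or [frontend] section that already existed before the new lines were appended is merged with the appended one, and the later value wins in this script; how the server itself treats such duplicates is not stated on this page.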