Okta

How to Configure SAML 2.0 for Pritunl


Supported Features

The Okta/Pritunl SAML integration currently supports the following features:


Configuration Steps

  1. You first need to create an API Token in Okta. In Okta navigate to Security > API.

  2. Click Create Token, name the token Pritunl, then click Create Token:

    pritunl1.png

  3. Save the token value:

    Important: This is the only time you will be able to view the token value.

    pritunl2.png

  4. Log in to your Pritunl account.

  5. Navigate to Settings:

    pritunl3.png

  6. Enter the following (see the screenshot at the end of this step for reference):

    • Single Sign-On: Select Okta.

    • Single Sign-On URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • SAML Issuer URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • SAML Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • Okta API Token: Paste the token value you saved in step 3:

    • Click Save:

    pritunl4.png

  7. In Okta, select the Sign On tab for the Pritunl app, then click Edit.

    • Set the Default Relay State to the address your users will use to access the Pritunl server. For example: https://vpn.example.com.

    • Click Save:

    pritunl5.png

  8. Done!
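
A pre-flight check for the values entered in steps 6 and 7, as an added example that is not part of Okta's or Pritunl's documentation or code. The dictionary keys are names chosen for this example, the https requirement on the Single Sign-On URL and Default Relay State is an assumption, and the sample values are constructed.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlsplit

# Text this guide shows for the three Okta-generated values when you are not signed in.
PLACEHOLDER = "Sign into the Okta Admin Dashboard to generate this variable."
PEM_RE = re.compile(
    r"\A-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----\Z", re.S)


def cert_fingerprint(pem):
    """SHA-256 of the DER bytes of one PEM certificate, or None if it is malformed."""
    match = PEM_RE.match(pem.strip())
    if not match:
        return None
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except (binascii.Error, ValueError):
        return None
    # A DER certificate is an ASN.1 SEQUENCE, so it starts with byte 0x30.
    return hashlib.sha256(der).hexdigest() if der[:1] == b"\x30" else None


def preflight(settings):
    """Return {field: problem}; empty means OK. Keys are this example's own names."""
    problems = {}
    for key, value in settings.items():
        if not value.strip() or PLACEHOLDER in value:
            problems[key] = "empty or still the guide's placeholder text"
    # sso_url and relay_state are visited by browsers, so require https (assumption).
    # issuer_url is only compared as an identifier, so any absolute URL is accepted.
    for key, schemes in (("sso_url", {"https"}), ("relay_state", {"https"}),
                         ("issuer_url", {"http", "https"})):
        parts = urlsplit(settings[key].strip())
        if key not in problems and (parts.scheme not in schemes or not parts.hostname):
            problems[key] = "not an absolute URL with scheme " + "/".join(sorted(schemes))
    if "certificate" not in problems and cert_fingerprint(settings["certificate"]) is None:
        problems["certificate"] = "not a single well-formed PEM certificate"
    return problems


if __name__ == "__main__":
    # Constructed sample: values pasted while signed out of Okta, relay state over http.
    sample = {"sso_url": PLACEHOLDER, "issuer_url": PLACEHOLDER, "certificate": PLACEHOLDER,
              "api_token": "constructed-token-value", "relay_state": "http://vpn.example.com"}
    for field, problem in preflight(sample).items():
        print(f"{field}: {problem}")
```

The report names only the field and the problem, so the API token value is never printed; the fingerprint from cert_fingerprint can be compared with the one Okta displays for the signing certificate.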

Notes

The following SAML attributes are supported:

SP-initiated SSO

  1. Go to your Pritunl server URL.

  2. Click Sign in with Okta:

    pritunl6.png