The Okta/Jupiter One SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Login to your Jupiter One account.
Click the Settings gear icon, then select Single Sign On:
CONFIGURE:
From the Configuration page, make a copy of your Audience URI (SP Entity ID) and SSO URL values:
Enter the following:
Client Name: Enter OKTA.
SAML Metadata Document URL: Copy and paste the following:
Sign into the Okta Admin dashboard to generate this value.
Click Save:
In Okta, select the Sign On tab for the Jupiter One SAML app, then click Edit:
Enter your SSO URL value you made a copy of into the ACS URL field.
Enter your Audience URI (SP Entity ID) value you made a copy of in step 4 into the Entity ID field.
Click Save:
Optional: Group Attribute Steps: To send groups as a part of SAML assertion, in Okta select the Sign On tab for the Jupiter One app, then click Edit.
Select the appropriate filter from the drop-down menu, then type the preferred value into the field.
Click Save.
Note: To send all groups a user is assigned to, select Regex and type .* (dot and star sign).
Make sure that you entered the correct value in the base URL field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to JupiterOne.
The following SAML attributes are supported:
| Name | Value |
|---|---|
| name | user.displayName |
| user.userName | |
| given_name | user.firstName |
| jupiterone_groups | This is configured in the app UI; see Group attribute instructions (step 6) above. |
Go to: https://[baseurl].apps.dev.jupiterone.io/ URL.