Okta

How to Configure SAML 2.0 for Artifactory

Contents

Supported Features

The Okta/Artifactory SAML integration currently supports the following features:

Configuration Steps

  1. Sign in to Artifactory as an administrator.

  2. Navigate to Admin > SAML SSO:

    Artifactory SAML SSO page

  3. Under SAML SSO Configuration, enter the following (see screen shot at end of step for reference):

    • Check Enable SAML Integration.

    • SAML Login URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • SAML Logout URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • SAML Service Provider Name: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • SAML Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • Optional: Check Auto Associate Groups: This should be used in conjunction with the next option below, and also with step 4 later in this doc.

      Note: When set, in addition to the groups the user is already associated with, the user will also be associated with the groups returned in the SAML login response. Note that the user's association with the returned groups is not persistent. It is only valid for the current login session.

    • Optional: Group Attribute: Enter group.

    • Email Attribute: Enter email.

    • Optional: Check Auto Create Artifactory Users in order to enable Just In Time (JIT) provisioning.

    • Optional: Check Allow Created Users Access To Profile Page.

      Note: Auto-created users will have access to their profile page and will be able to perform actions such as generate API key.

    • Optional: Leave Auto Redirect Login Link To SAML Login unchecked.

      Note: When set, clicking the login link will direct users to the configured SAML login URL.

    • Click Save.

    2nd Artifactory SAML SSO page

  4. Optional: Enable group attribute in Okta as follows:

    • In Okta, select the Sign On tab for the Artifactory app, then click Edit.

    • Select your preferred group filter from the dropdown list (the Regex rule with the value ".*" in order to send *all* groups to the Artifactory instance we used in our example).

    • Click Save.

    Artifactory SAML SSO in OKTA

  5. Done!


Notes

For SP-initiated SSO

  1. Open the Artifactory login URL: https://[yourArtifactoryURL]/webapp/#/login.

  2. Click SAML SSO.

    3. Artifactory SSO login