How to Configure SAML 2.0 for Bomgar

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/Bomgar SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• JIT (Just In Time) Provisioning

---

Configuration Steps

1. Login to your Bomgar account as an administrator.

2. Navigate to USERS & SECURITY > SECURITY PROVIDERS.

3. Select SAML from the dropdown menu.

4. Click Create Provider.

   

5. The SAML configuration screen appears.

6. Under General Settings, enter the following:

   • Name: Enter Okta.

   • Check the Enabled box.

7. Copy and save the following as metadata.xml.

   Sign in to the Okta Admin app to have this variable generated for you.

8. Under Identity Provider Settings, enter the following:

   • Metadata: Click Choose File, then navigate to the metadata.xml file you just saved.

   • Click Upload Identity Provider Metadata.

   

   Note: Other fields such as Entity ID and Single Sign-On Service URL are populated automatically once the metadata is uploaded.

9. Wait for a The metadata was successfully uploaded message to appear, then continue with the User Provision Settings below.

10. Under User Provision Settings, enter the following (use the default values):

    • Username: Username.

    • Check the Use the same attribute for public and private display names box.

    • Display Names: {FirstName} {LastName}.

    

11. Under Authorization Settings, enter the following:

    • Attribute Name: Groups.

    • Default Group Policy: Select your Default Group Policy from the drop-down list.

12. Click Save Changes:

    

13. In Okta, select the Sign On tab for the Bomgar application, then click Edit:

    • Select your preferred Groups filter from the dropdown list.

      Note: The Regex rule with the value ".*" in order to send *all* Okta groups to the Bomgar instance we used in our example below.

    • Email Attribute Value: Select the value (either email or username) that will be mapped to Email SAML attribute.

    • Click Save:

    

14. Done!

---

Notes

• Make sure that you entered the correct value in the Base URL field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Bomgar.

• The following SAML attributes are supported:

  Name	Value
  FirstName	user.firstName
  LastName	user.lastName
  Email	user.userName OR user.email
  Username	user.userName
  Groups	This will be configured in the app UI; see groups attribute instructions above.

SP-initiated SSO

1. Open https://[yourBaseUrl]/login/login.

2. Click Use SAML Authentication: