How to Configure SAML 2.0 for Buildkite

Supported Features

The Okta/Buildkite SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Add the custom attributes admin and teams to the Buidkite application. In Okta, go to Directory > Profile Editor.
Search for your Buildkite app, then click the application icon:
Click Add Attribute, then enter the following:
- Data type: Select boolean
- Display name: Enter is Admin?
- Variable name: Enter admin
- Click Save and Add Another
Note:

Scope: If you check user personal, the current attribute will be available once you assign a single user to the Buildkite app and will not be available once you assign a group to the Buildkite app.
Enter the following:
- Data type: Select string
- Display name: Enter teams
- Variable name: Enter teams
- Click Save
Go to the Buildkite application configuration and assign the user on the Assignments tab.
Now you need to specify the admin and teams attributes:
- Is Admin?: Select true, false, or leave undefined
- teams: Enter the UUID of your Buildkite team from the REST API Integration section on the Team Settings page.
Log in to your Buildkite organisation as an administrator.
Go to Settings > Single Sign On.
Choose the Okta provider.

Configure SAML in BuildKite

In the New Okta SSO Provider configuration, copy and paste the following into the Metadata URL field:

Sign into the Okta Admin dashboard to generate this value.
Click Create Provider.

Add and configure Okta as SSO provider in Buildkite

The following SAML attributes are supported:

Name	Value
name	user.firstName user.lastName
admin	appuser.admin
teams	appuser.teams