Okta

How to Configure SAML 2.0 for Domo

Contents


Supported Features

The Okta/Domo SAML integration currently supports the following features:


Configuration Steps

  1. Log in to Domo as an administrator.

  2. Navigate to Settings > Admin > Security > Single Sign-on.

  3. Check the Enable Single Sign-on button.

    “domogroups2.png"

    The Single Sign-On page appears. See screen shot at end of instructions for reference.

  4. Copy and paste the following into the Identity Provider Endpoint URL field.

    Sign into the Okta Admin Dashboard to generate this variable.

  5. Copy and paste the following into the Entity ID field.

  6. Sign into the Okta Admin Dashboard to generate this variable.

  7. Download, then upload the following x.509 certificate in .cert format.

    Sign into the Okta Admin Dashboard to generate this variable.

    If you are using Google Chrome, the certificate needs to be in .pem format. Download, then upload the following x.509 certificate in .pem format.

    Sign into the Okta Admin Dashboard to generate this variable.

  8. If you don’t need to import Groups from Okta, uncheck Import groups from identity provider, and proceed to step 9.

  9. If you do need to import Groups from Okta, check Import groups from identity provider .

    • In Okta, select the Sign On tab for the Domo app, then click Edit.

    • Select your preferred Group filter from the dropdown list (the Regex rule with the value “.*” in order to send all groups to the Domo instance we used in our example shown here).

    • Click Save.

    “domogroups3.png"

  10. Click Save Changes.

    “domogroups4.png"

    Important: Once users are set up for SSO, they are required to use the SSO sign in.

  11. Done!


Notes

The following SAML attributes are supported:

For SP-initiated SSO

  1. Go to https://[subdomain].domo.com/auth/index.

  2. Click SIGN IN.

  3. “domogroups5.png"