Okta

How to Configure SAML 2.0 for MURAL

Contents

Supported Features

The Okta/MURAL SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. In Okta, select the Sign On tab for the MURAL SAML app, then click Edit.

    1. [Optional, if you want to pass Okta user id to the MURAL]:

      In the Attributes (Optional) section, add the externalId attribute and set the following value: user.id

    2. if you want to pass Okta user id to the MURAL, add externalId with user.id value in Okta Sign On, Attributes section

    3. Scroll down to Advanced Sign-on Settings and enter:

      • Entity ID: https://app.mural.co (for both Production and Scim environments)

      • Assertion Consumer Service URL:

          Production: https://api.mural.co/api/v0/authenticate/saml2/callback

          Scim: https://scim.mural.engineering/api/v0/authenticate/saml2/callback

    4. Application username format: Select Email.

    5. Click Save.

  2. Still in Okta, select the Assignments tab and assign a user to the application.

  3. Sign in to your MURAL account as an administrator.

  4. Go to Company Dashboard > SSO.

  5. Under SSO settings, enter the following:

    • IDP metadata: Save the following as metadata.xml, then upload it:

      Sign in to Okta Admin app to have this variable generated for you.
    • Request binding: Select HTTP-POST

    • Sign in algorithm: Select SHA256

    • Leave Disable audience validation and Disable signing authentication request unchecked.

    • In the Claim mapping section enter the following:

      • Email Address: email
      • First name: firstName
      • Last name: lastName
      • [Optional]: External ID: externalId
    • Click Test single sign-on.

    • After successful testing, click Save single sign-on.

    Company Dashboard -> SSO, enter SAML config values

  6. The application now supports SP-initiated SSO. If you want to enable IdP-initiated flow:

    • Contact the MURAL Support team and ask them to provide you with the Default Relay State value.

    • Enter the Default Relay State value under the Sign On tab for the MURAL SAML app in Okta.

      Note: You need to activate IdP-initiated SSO in order for JIT (Just In Time) Provisioning to work properly.

  7. Done!


Notes

The following SAML attributes are supported:


SP-initiated SSO

  1. Open your MURAL Login URL.

  2. Enter your Work email.

  3. Click Sign In.