How to Configure SAML 2.0 for Samanage

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/Samanage SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• Just In Time (JIT) Provisioning

For more information on the listed features, visit the Okta Glossary.

---

Configuration Steps

1. Log into your Samanage tenant as an administrator.

2. Navigate to Setup from the left navigational pane:

   

3. Scroll down and click the Users & Access > Single Sign-On.

4. Enable Single Sign-On with SAML: Check this box:

   

5. Enter the following:

   • Identity Provider URL: Copy and paste the following:

     Sign into the Okta Admin app to generate this variable.

   • Logout URL: Copy and paste the following:

     Sign into the Okta Admin app to generate this variable.

   • Error URL: Copy and paste the following:

     Sign into the Okta Admin app to generate this variable.

   • SAML Issuer: Copy and paste the last part of the following value:

     Sign into the Okta Admin Dashboard to generate this variable.

   

   • x.509 Certificate: Copy and paste the following:

     Sign into the Okta Admin app to generate this variable.

   

6. Create users if they do not exist in Samanage: Check this box if you want to enable Just In Time (JIT) Provisioning.

7. Redirect to the saml login page when logging into Samanage by default: Check this box if you are going to disable regular (username/password) login option.

   NOTE: Do not check this box till SAML configuration tested successfully. You will not be able to login with your username/password anymore.

8. Click Update:



9. Optional: If you are using a custom Samanage URL, in Okta, select the Sign On tab for the Samanage app, then scroll down to the ADVANCED SIGN-ON SETTINGS section.

   • Enter the ACS URL value (see Custom Samanage URLs) into the corresponding field.

   • Click Save:

   

10. Done!

---

Notes

For Standard Samanage URLs: Make sure that you entered the correct value in the Subdomain field under the General application tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Samanage.

Custom Samanage URLs

If you have a custom Samanage URL, obtain your ACS URL value as follows:

1. Go to [CustomSamanageURL]/saml/metadata. An XML file like the following will appear once the page loads:

   

2. Locate and make a copy of your ACS URL value from the Location attribute.

SP-initiated SSO

1. Go to your Samanage URL.

2. Click Single Sign-On: