Versions Compared

Old Version 3

changes.mady.by.user Chiara Sannitz

Saved on

compared with

New Version Current

changes.mady.by.user Nathan Gosse

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Excerpt

Instructions for using Okta's SAML authentication provider with Squirro.

Table of Contents

Table of Contents
outlinetrue
excludeTable of Contents

Set up Application in Okta

  1. Log into Okta developer console
  2. Switch view to "Classic UI"
  3. Select "Applications"
  4. Select "Create New App"
  5. Set "Platform" to "Web"
  6. Set "Sign on method" to "SAML 2.0"
  7. Select "Next"
  8. Set a Name
  9. Set the Single Sign On URL to https://SQUIRRO/sso/callback (URL of your Squirro installation plus the path /sso/callback)
  10. Set the Entity ID as https://sso.squirro.com/o/saml2/entity
  11. Set the application username to "Email"
  12. Leave other settings as is
  13. Finish the setup and under the "Sign On" tab, select "View Setup Instructions" for SAML 2.0
  14. Click on "Download certificate"
  15. Copy the IDP Metadata to a file on your machine
  16. On the "Assignments" tab, add the people or groups who should have access to Squirro

Configure SAML Metadata

To configure SAML Single Sign-On with the federation metadata file, go to the Server space in Squirro and in the navigation on the left select Single Sign-On (SAML).

Press the red plus button on the top right. Fill out the form:

  • Domain: *
  • Enabled: Check
  • Metadata file: upload the IDP Metadata file downloaded earlier
  • Certificate: upload the certificate file downloaded earlier
  • User group: Select a user group which should be assigned to all SSO users

Image Removed

Enable SSO

For security reasons, the final configuration needs to be done directly on the server. Log into the server using SSH or similar means and edit the file /etc/squirro/frontend.ini. Then append the following lines at the end:

Code Block
[security]
sso_enabled = true
sso_endpoint = http://localhost:81/studio/extauth_saml/extauth

Reduce HTTP Session

By default Squirro will keep user sessions for 30 days, surviving browser restarts as well. In a Single Sign-On environment, this should be changed to the session expiring once the user restarts the browser. This can be achieved by changing /etc/squirro/frontend.ini and adding the following lines:

...

This page can now be found at Okta SAML Setup on the Squirro Docs site.