Search…
SAML single sign-on with Okta
Setting up SSO for your Ninox server (Private Cloud or On-Premises) using SAML and Okta
SSO is an Enterprise feature available on request that requires a valid license purchased from Ninox or a certified partner.

SSO using SAML and Okta

The setup details may vary based on which third-party app you use. In the following instructions we use Okta.

Creating a new SAML integration

Step 1: Log in and create app integration

  1. 1.
    Log in to Okta.
  2. 2.
    Click Applications in the left sidebar and select Applications (1) from the dropdown menu.
  3. 3.
    Click the Create App Integration (2) button.

Step 2: Set up sign-up method

In the Create a new app integration pop-up window, select SAML 2.0 (1) as Sign-in method. Click the Next (2) button to proceed.

Step 3: Create SAML integration

  1. 1.
    On the Create SAML Integration page, in the General Settings tab, enter a name in the App name (1) field. In this example it's anastasiya saml test.
  2. 2.
    Click the Next (2) button to proceed.

Step 4: Configure SAML integration

  1. 1.
    In the Configure SAML tab, fill in the fields listed below. (1) Single sign on URL: The URL is a combination of of the protocol https://, your Ninox server domain name (in this example, it's anastasiya.ninoxdb.de), and the path /ums/saml/consume, resulting in something like https://anastasiya.ninoxdb.de/ums/saml/consume. The domain name needs to be replaced with the domain name of your Ninox server. (2) Audience URI (SP Entity ID): ninox-saml (3) Default RelayState: WEB (4) Name ID format: EmailAddress (5) Application username: Okta username (default setting) (6) Update application username on: Create and update (default setting)
  2. 2.
    Click the Next (7) button to proceed.

Step 5: Finish setup in Okta

  1. 1.
    In the Feedback tab, respond to Are you a customer or partner? by selecting I’m a software vendor. I’d like to integrate my app with Okta. (1) Click the Finish (2) button to confirm.
  2. 2.
    Click the Next (3) button to proceed.

Assigning users to your SAML app in Okta

  1. 1.
    On the new application page, click the Assignments (1) tab.
  2. 2.
    Click the Assign (2) dropdown button and select between Assign to People (3) and Assign to Groups.

Option 1: Assign to People

  1. 1.
    In the pop-up window, select a user from the list to individually assign them to your app, then click Assign.
  2. 2.
    Enter the desired information in the pop-up window.
  3. 3.
    Click the Save and Go Back button to confirm.
  4. 4.
    Click the Done button to close the pop-up window.

Option 2: Assign to Groups

  1. 1.
    In the pop-up window, select Everyone, then click Assign.
  2. 2.
    Click the Done button to close the pop-up window.

Retrieving SAML credentials from Okta

Copy the client credentials from Okta to paste them in your Ninox server setup.

Step 1: Open setup instructions

  1. 1.
    On the new application page, click the Sign On (1) tab.
  2. 2.
    Click the View Setup Instructions (2) button. A new page opens.

Step 2: Retrieve SAML credentials

On the new page, copy the Identity Provider Single Sign-On URL (1), the Identity Provider Issuer (2), and click the Download certificate (3) button.

Finishing SAML setup in your Ninox server setup (Private Cloud or On-Premises)

  1. 1.
    Log in to your Ninox Private Cloud or Ninox On-Premises.
  2. 2.
    Click the gear icon in the top-right corner.
  3. 3.
    Select Server Administration from the dropdown menu. A new page opens.
  4. 4.
    Click the Configuration tab.
  5. 5.
    On the Server Configuration page, under Authentication Strategy, click the SAML V2 tab. Fill in the fields listed below. (1) Single Sign on URL (SSO URL): paste from Okta, refer to Retrieving SAML credentials from Okta
    (2) Issuer: paste from Okta, refer to Retrieving SAML credentials from Okta
    (3) IDP Certificate: upload previously downloaded okta.cert file
    (4) Audience: ninox-saml
    (5) Session Duration (in days): 2
    (6) AutoProvision Users: enable
  6. 6.
    Click the Save and Restart (7) button to confirm.