SAML SSO

Configuring SAML SSO with Okta

Guide to configure Okta SAML SSO for Outpost Enterprise users and teams.

For Outpost Enterprise users, you can securely manage your team's access to Outpost using Okta SAML SSO.

This feature is only available on Outpost Enterprise.

For Outpost Enterprise users, you can securely manage your team's access to Outpost using Okta SAML SSO.

Step 1: Create SAML Integration

In your Okta Dashboard, click on Applications in the sidebar.

Applications tab on the Okta Dashboard

Applications tab on the Okta Dashboard

Then, click on Create App Integration.

Create App Integration button on the Okta Dashboard

Create App Integration button on the Okta Dashboard

Select SAML 2.0 as the sign on method, and click Next.

Saml 2.0 option on the Okta Dashboard

Saml 2.0 option on the Okta Dashboard

In the General Settings page, enter "Outpost" as the app name, and click Next.

General Settings page on the Okta Dashboard

General Settings page on the Okta Dashboard

Copy the following values and paste them into the SAML Settings > General section:

Single sign-on URL

URL
https://api.outpost.run/auth/sso/saml/callback

Audience URI (SP Entity ID)

ID
https://outpost.run
SAML Settings page on the Okta Dashboard

SAML Settings page on the Okta Dashboard

Step 2: Configure Attribute Statements

Right below the General section, you'll see the Attribute Statements section.

Attribute Statements section on the Okta Dashboard

Attribute Statements section on the Okta Dashboard

Click on Add Another and add the following attribute statements:

NameValue
iduser.id
emailuser.email
firstNameuser.firstName
lastNameuser.lastName

Once that's done, click Next.

Step 3: Submit Feedback

Under the Feedback section, select This is an internal app that we have created and click Finish.

Feedback section on the Okta Dashboard

Feedback section on the Okta Dashboard

Step 4: Copy the Metadata URL

After you've submitted the feedback, you'll be redirected to the Sign On tab, which contains the metadata URL.

Sign On tab on the Okta Dashboard

Sign On tab on the Okta Dashboard

Copy the metadata URL and return to the Outpost dashboard.

Step 5: Configure SAML SSO on Outpost

In your team dashboard on Outpost, click on the Settings tab in the menu bar at the top. Then, click on the Security tab in the sidebar.

SAML SSO section on the Outpost Dashboard

Under the SAML Single Sign-On section, click on Configure. This will open up the SAML SSO modal:

  1. Select Okta as the SAML provider.
  2. Enter the Metadata URL value that you copied from Step 4.
  3. Click Save changes.

SAML SSO Modal

Step 6: Assign Users

We highly recommend configuring SCIM Directory Sync before assigning users & groups to your workspace. This will ensure that your users are automatically added to your workspace when they sign in for the first time, as well as automatically removed when they are deactivated in Okta.

Once you've configured SAML SSO, you can start assigning users & groups to your workspace.

Click on the Assignments tab, and click Assign. You can choose to assign users individually, or assign them in bulk by group.

Assigning users in Okta

Select the users or groups you want to assign and click Assign.

Assigning users in Okta choose users

In the next screen, scroll to the bottom and click Save and Go Back.

Saving Okta assignment

Your assigned users should now receive an invitation email to join your Outpost team.

SAML invite email

They will also be able to sign in to Outpost using Okta SSO.