Single Sign-On with OKTA
This article explains configuring Single Sign-On (SSO) in CodeScan with Okta as your SAML 2.0 Identity Provider.
To allow users to log in via SAML SSO, CodeScan must be able to trust and rely on Okta to authenticate users wanting to log in. To establish this trust relationship, you must configure Okta and CodeScan so both parties can exchange authentication information.
When SSO is enabled, users and groups logging into CodeScan are redirected to the Okta login page. After successful authentication, they are redirected to the AutoRABIT Dashboard.
Who can use this feature
Only Organization Admins can set up SAML SSO.
You will need an existing Okta account to set up SAML SSO with Okta.
Step 1: Enabling Single Sign-On in CodeScan
Before configuring SSO in OKTA, you must enable SSO in CodeScan.
In the
Connection name
field, enter the identity provider name as you want to appear (use only Latin characters without spaces and any special characters). Example-OKTA-SAML
Enter a valid domain name of the organization in the
Corporate domain
field that can be authenticated in the Identity Provider. This property cannot be updated after SAML Connection creation. Example- In case ofabc@autorabit.com
, the corporate domain will beautorabit.com
.Keep the
Enforce SSO
checkbox unchecked for now. You can enable Enforce SSO later when your domain has been confirmed. Once enabled, only SSO authentication will be allowed for email addresses of your corporate domain.Point to Note:
Enforcing SSO affects both login and signup. Existing Auth0 users won't be able to login.
Signup with email domain same as corporate domain won't be allowed.
If the
Enforce SSO
is enabled prematurely, it will prevent all users in their organisation from accessing CodeScan. Consider enforcing SSO only after admins have logged in to CodeScan using SSO.
Step 2: Adding CodeScan as an App in OKTA
Set up the CodeScan application to provide necessary configuration information for CodeScan.
Sign in to Okta. You must have the Applications
Admin
permission.If you donât have an Okta organization, you can create a free Okta Developer Edition organization here: https://developer.okta.com/signup/
Navigate to the
Admin
dashboard.In the
Configure SAML
tab, do the following:Single sign on URL
: Enter the sameURL
in the below format:{instanceurl}/codescan/login/saml2/sso/{connection_id}
For example: If your instance URL ishttps://app.codescan.io
and the connection_id isOKTA-SAML
, your SSO URL would behttps://app.codescan.io/_codescan/login/saml2/sso/OKTA-SAML
Where can I find my Connection ID
?
Your connection id will be available in the Metadata URL
generated inside CodeScan.
For example:
Metadata URL- https://app.codescan.io/_codescan/saml2/metadata/OKTA-SAML
Connection Id: OKTA-SAML
On the same screen, in the
Attribute Statements
panel, add the following attributes (mandatory) and map to corresponding OKTA properties:
Name | Name format | Value |
---|---|---|
|
|
|
|
|
|
|
|
|
Click
Next
to continue.
Step 3: Configuring SAML Connection in CodeScan
Once the application is created, you will need to enter the identity provider data from OKTA into CodeScan.
In OKTA, go to the
Sign On
tab and navigate to theSAML Signing Certificates
section.Open the downloaded certificate in Notepad. You will need to copy the content of the certificate into the
X509 Signing Certificate
field of CodeScan SAML connection [Step 7.c below].A new tab will open, which displays the IdP metadata file in XML format.
Enter the following values:
Provider Entity Id
: Copy the entityID value and paste it intoProvider Entity Id
inside CodeScan.
Click
Update
on the CodeScan page.The next step is to confirm your corporate domain to get the SSO working. You can confirm domain by raising a request via Codescan Support.
Step 4: Testing the Single Sign-On Configuration
Enter the corporate domain name you have configured when enabling SSO inside CodeScan in the
Your Company email
field. For example-autorabit.com
You should successfully redirect to the CodeScan
Organization
page after authentication.
Last updated