How to Set-Up SSO Integration via SAML

Summary

This article covers how to set Up SSO integration via SAML:

Google

Step 1: Set up Google as a SAML identity provider (IdP)

  1. In your Google Admin console (at admin.google.com), go to “Apps” > “Web and mobile apps”.
  2. Click “Add app” > “Search for apps”.
  3. Click on “Add custom SAML app”.
  4. Write “Opster” in the App name field.
  5. Download the Opster.png image, then click on the app icon and select the image you have just downloaded to set this as the app icon.
  6. Click “Continue”.
  7. On the Google Identity Provider details page, download the IDP metadata and continue to the next step.
  8. On the Service provider details page, set:
  9. Check the “Signed response” checkbox.
  10. Enter EMAIL in the “Name ID format” field and click “Continue”.
  11. On the Attribute Mapping page, map Google directory attributes to corresponding application attributes:
    • Click “Add Mapping”.
    • Click the “Select field” menu and select “First name” as the Google directory attribute and the “displayname” as the app attribute.
    • Click the “Select field” menu and select “Primary email” as the Google directory attribute and the “emailaddress” as the app attribute.
  12. (Optional) If you want to send a user’s group membership information in the SAML response, enter the group names that are relevant for this app in the Group membership field.
    • Under Google groups, click in the Search for a group entry field.
    • Type one or more letters of the group name.
    • Choose the group name from the dropdown list.
    • Add additional groups as needed (total groups cannot exceed 75).
    • Under App attribute, enter the service provider’s corresponding groups attribute name.
    • Note: Regardless of how many group names you enter, the SAML response will only include groups that a user is a member of (directly or indirectly). For more information, see About group membership mapping.
  13. On the Attribute mapping page, click “Finish”.

Step 2: Set up Opster as a SAML 2.0 service provider (SP)

  1. Open a new incognito browser window.
  2. Sign in to Opster.
  3. Navigate to Settings -> Account
  4. Under the SAML section:
  5. Click on the “+” sign to create a new integration.
  6. Select “Google” as the vendor name.
  7. Click “Browse” to upload the IdP Metadata file you have downloaded in Step 1 above and click “Save”.

Step 3: Enable Opster app

  1. In your Google Admin console (at admin.google.com), go to Apps > Web and mobile apps.
  2. Select the Opster SAML app.
  3. Click “User access”.
  4. To turn service on or off for everyone in your organization, click “On for everyone” or “Off for everyone”, and then click “Save”.
  5. (Optional) To turn a service on or off for an organizational unit:
    • On the left, select the organizational unit.
    • To change the Service status, select “On” or “Off”.
    • Choose one:
      • If the Service status is set to Inherited and you want to keep the updated setting, even if the parent setting changes, click “Override”.
      • If the Service status is set to Overridden, either click “Inherit” to revert to the same setting as its parent, or click “Save” to keep the new setting, even if the parent setting changes.
        Note: Learn more about organizational structure.
  6. (Optional) Turn on the service for a group of users.
    Use access groups to turn on a service for specific users within or across your organizational units. Learn more
  7. Ensure that your Opster user account email IDs match those in your Google domain.

Step 4: Verify that the SSO is working

Opster supports Identity Provider (IdP) initiated SSO.
Follow these steps to verify SSO in either mode:

IdP-initiated
  • In your Google Admin console (at admin.google.com), go to Apps > Web and mobile apps.
  • Select Opster SAML.
  • At the top left, click Test SAML login.
    Opster should open in a separate tab. If it doesn’t, use the information in the resulting SAML error messages to update your IdP and SP settings as needed, then retest SAML login.

Okta

Step 1: Set up OKTA as a SAML identity provider (IdP)

  1. Sign in to your Okta tenant as an administrator.
  2. Navigate to Applications > Applications.
  3. Click “Create App Integration”.
  4. In the Create a new app integration dialog, choose SAML 2.0 and click “Next”.
  5. Enter Opster as the App name.
  6. Download the Opster.png image and set it as the app icon.
  7. In the Configure SAML step, in the SAML Settings section, enter values for:
  8. Select “EmailAddress” on “Name ID format” dropdown.
  9. On the “Attribute Statements” add 2 attributes:
    • Name -> displayname, Name format -> Basic, Value -> user.firstName
    • Name -> emailaddress, Name format -> Basic, Value -> user.email
  10. Click “Next”.
  11. On the last page, select “I’m an Okta customer adding an internal app”, and click “Finish”.
  12. Navigate to Applications > Applications.
  13. Click on the name of the newly added application.
  14. Select the “Sign On” tab.
  15. On the right side of the page, click on the “View SAML setup instructions” link under the SAML Setup section.
  16.  The SAML info should open in a separate tab. On the bottom of the page there will be the textbox IDP metadata value, you can copy and save it to a file named OKTAIDPMetadata.xml. 

Step 2: Set up Opster as a SAML 2.0 service provider (SP)

  1. Open a new incognito browser window.
  2. Sign in to Opster.
  3. Navigate to Settings -> Account
  4. Under the SAML section:
    • Click on the “+” sign to create a new integration.
    • Select “OKTA” as the vendor name.
    •  Click “Browse” to upload the IdP Metadata file you downloaded in Step 1 above and click “Save”.

Step 3: Verify that the SSO is working

Follow these steps to verify SSO.

IdP-initiated
  1. In your Okta tenant.
  2. Go to Applications > Applications.
  3. Select the “Opster SAML App”.
  4. Select the “Assignments” tab.
  5. Click on the Assign dropdown and click on “Assign to People”.
  6. Assign a non-admin user and click “Done”.
  7. Open an incognito tab and log in to OKTA with the user you assigned on the previous step.
  8. Click on the Opster app.
  9. Opster should open in a separate tab. 

Azure

Step 1: Set up Azure as a SAML identity provider (IdP)

  1. In your admin console (https://portal.azure.com/), go to “Azure Active Directory”.
  2. Select “Enterprise Applications” from the sidebar.
  3. Click “New Application”, then click “Create your own application”.
  4. Enter ״Opster״ in the App name field.
  5. Choose “Integrate any other application you don’t find in the gallery (Non-gallery)”, and click “Create”.
  6. Download the Opster.png image to your computer.
  7. Select “Properties” from the sidebar and on the Logo section click on “Select a file”, select the Opster.png image and click “Save”.
  8. Click “Single sign on” from the sidebar, choose “SAML” and click “Edit” on the “Basic SAML Configuration” section.
  9. Click on “Add Identifier” and provide value (it can be UUID with, but should start with letter f.e. id8b964454-4b73-4416-8e86-68ecfc1d65f5).
  10.  Add a reply URL: https://api.opster.io/login/sso/saml/init
  11.  Add logout URL: https://api.opster.io/logout
  12.  Click save.
  13.  Click “User and Groups” and select “add user/group”. After selecting your desired users and groups, click “Assign”.
  14. Select “Single Sign-on” from the sidebar.
  15. Copy the value of EntityId.
  16. Copy the value of Azure AD identifier.

Step 2: Set up Opster as a SAML 2.0 service provider (SP)

  1. Open a new incognito window in your browser.
  2. Sign in to Opster..
  3. Navigate to Settings -> Account.
  4. Under the SAML section:
  • Click on the “+” sign to create a new integration.
  • Select “Azure” as the vendor name. 
  • Paste the Azure AD identifier you copied into the form as Iss. 
  • Paste the EntityId you copied into the form as EntityId.
  • Put https://dashboard.opster.io/login/sso/saml in the form as Redirect URL and click “Save”.

Step 3: Verify that the SSO is working

  1. Go to section #5 and click on the “Test” button.
  2. On the right popup, click on the “Test sign in” button.
  3. Select the user that you have assigned on the app config.
  4. Verify that you are logged in to Opster and see the dashboard.

Jump Cloud

Step 1: Set up jump cloud as a SAML identity provider (IdP)

  1. In your console (https://console.jumpcloud.com) using the admin user select SSO on the sidebar.
  2. Click on the “+” sign and then click on the “Custom SAML App” button in order to create a new app.
  3. Enter ״Opster״ in the “Display Label” field.
  4. Download the Opster.png image to your computer.
  5. Click on “Logo” from the “display Option” section.
  6. Click on “replace logo” and select the Opster.png you have downloaded.
  7. Click on the SSO tab.
  8. Set the following fields:
  9. Copy the Idp Entity ID and the SP Entity ID.
  10. Go to “​​User Groups” tab.
  11. Check the “All users” check box and click “activate”.
  12. Go to “User Groups” and click on the “All Users” group.
  13. Add a non admin user to the group and click “Save”.

Step 2: Set up Opster as a SAML 2.0 service provider (SP)

  1. Open a new incognito window in your browser.
  2. Sign in to Opster.
  3. Navigate to Settings -> Account.
  4. Under the SAML section:
  5. Click on the “+” sign to create a new integration.
  6. Select “Jump Cloud” as the vendor name. 
  7. Paste the Idp Entity ID you copied into the form as Iss. 
  8. Paste the SP Entity ID you copied into the form as EntityId.
  9. Put https://dashboard.opster.io/login/sso/saml in the form as Redirect URL and click “Save”.

Step 3: Verify that the SSO is working

  1. Login as the non-admin user.
  2. On the Applications dashboard, click on the “Opster” app.
  3. Verify that you are logged in to Opster and see the dashboard.

Skip to content