Skip to main content

Okta with SAML

This guide provides step-by-step instructions for configuring Dataedo to integrate with Okta as your identity provider, ensuring secure and efficient user authentication. Similar instruction may apply to other

Initial configuration in Okta

  1. Login to Okta, then find the Applications > Applications tab:

  2. Click the Create App Integration button, and select SAML 2.0, then click Next.

  3. Choose an App name and logo, then click Next.

  4. In the next screen, type in the address your Dataedo Portal will be accessed on followed by /api/api/auth/assertion-consumer (for example http://your-Dataedo-Web.address/api/api/auth/assertion-consumer).

  5. Type in a uniquely identifying name of your choice in the Audience URI field. Note this name – you will need it for the issuer field in Dataedo settings.

  6. Click Next, then fill the Feedback form or continue by pressing Finish.

  7. You'll see the Sign On settings screen looking like this:

  8. Now you need to pass configuration info from Okta to Dataedo Portal. The easiest way is to copy the link to dynamic configuration. To do this, right-click the Identity Provider metadata link and choose the Copy link address option. You will need this link later.

important

Make sure to assign users allowed access in the Assignments tab.

Configuring SAML in Dataedo Portal (Windows)

Follow this section for Dataedo installed on a Windows machine.

  1. Find the installation path of Dataedo Portal (the default address is: C:\Users\<username>\AppData\Local\Dataedo Portal), then go to the Applications\API\ subfolder.

  2. Right-click and edit the appsettings.json file, and find the Saml2 section. Your configuration should look like this:

    Sample appsettings.json file config
    # This sample contains inline comments for explanation purposes
    # JSON is a strict format and doesn't support inline comments
    # Remove all inline comments (#) before using this configuration in your environment
    {
      "Saml2": {
        # Paste the Identity Provider metadata URL here, or the path to the metadata XML file.
        "IdPMetadata": "https://dev-09528757.okta.com/app/exk1cy8saliBpdSUh5d7/sso/saml/metadata",

        # Paste the Audience URI from Okta's SAML settings > Audience Restriction field here.
        "Issuer": "unique_identifier",

        # Set the signature algorithm. Default is RSA_SHA256.
        # If you use RSA_SHA1, change this value to http://www.w3.org/2001/04/xmldsig-more#rsa-sha1.
        "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",

        # Certificate validation mode. Default is ChainTrust.
        "CertificateValidationMode": "ChainTrust",

        # Revocation mode. Default is NoCheck.
        "RevocationMode": "NoCheck"
      },
      "Saml2Client": {
        # Fill in the display name for the Identity Provider.
        # Display name cannot contain spaces, use underscores (_) instead.
        "DisplayName": "Okta SAML",

        # Ensure this URL points to your Dataedo Portal application address.
        "ClientUrl": "http://192.168.0.21:80"
      }
    }

  3. Go to IIS Manager, and restart the Dataedo Portal app for changes to take effect.

  4. If you open Dataedo Portal, you'll see the option to login with Okta:

Clicking it will either take you to the Okta login page or if you’re already logged in, directly to your Dataedo Portal page.

Configuring SAML in Dataedo Portal Docker image

Follow this section for Portal running from a Docker image.

  1. Open .env file that should be located in same folder as docker-compose.yml file, find the Single Sign On section and fill in as follows:

    # Single sign-on configuration
    # Paste the Identity Provider metadata URL here, or the path to the metadata XML file.
    DATAEDO_SSO_IDP_METADATA="https://dev-09528757.okta.com/app/exk1cy8saliBpdSUh5d7/sso/saml/metadata"
    # Paste the Audience URI from Okta's SAML settings > Audience Restriction field here.
    DATAEDO_SSO_ISSUER="unique_identifier"
    # Set the signature algorithm. Default is RSA_SHA256.
    # If you use RSA_SHA1, set this value to http://www.w3.org/2001/04/xmldsig-more#rsa-sha1
    DATAEDO_SSO_SIGNATURE_ALGORITHM=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
    # Certificate validation mode. Default is ChainTrust.
    DATAEDO_SSO_CERTIFICATE_VALIDATION_MODE=ChainTrust
    # Revocation mode. Default is NoCheck.
    DATAEDO_SSO_REVOCATION_MODE=NoCheck
    # Fill in the display name for the Identity Provider.
    # Display name cannot contain spaces, use underscores (_) instead.
    DATAEDO_SSO_DISPLAY_NAME="Okta_SAML"
    # Ensure this URL points to your Dataedo Portal application address.
    DATAEDO_SSO_CLIENT_URL="https://yourwebiste.com/"

  2. Update your Docker Compose with:

        docker-compose up -d

  3. If you open Dataedo Portal, you'll see the option to login with Okta:

Clicking it will either take you to the Okta login page or if you’re already logged in, directly to your Dataedo Portal page.

Need help?

If you run into any problems or have questions, reach out to Dataedo support.

On this page
Dataedo LogoDataedo Logo
If you have any questions or need assistance, feel free to reach out to the Dataedo support team.
Dataedo support