This guide assumes you have completed the prerequisite steps (e.g. generate self-signed X.509 certificates) outlined here.
Firezone supports Single Sign-On (SSO) using Okta through the generic SAML 2.0 connector. This guide will walk you through how to configure the integration.
Create a SAML connector
In the Okta admin portal, create a new app integration under the Application tab. Select SAML 2.0 as the authentication method.
Use the following config values during setup:

| Setting | Value |
|---|---|
| App logo | save link as |
| Single sign on URL | This is your Firezone |
| Audience (EntityID) | This should be the same as your Firezone |
| Name ID format | EmailAddress |
| Update application username on | Create and update |
Okta's documentation contains additional details on the purpose of each configuration setting.
After creating the SAML connector, visit the View SAML setup instructions link in the Sign On tab to download the metadata document. You'll need to copy-paste the contents of this document into the Firezone portal in the next step.
Add SAML identity provider to Firezone
In the Firezone portal, add a SAML identity provider under the Security tab by filling out the following information:

| Setting | Value | Notes |
|---|---|---|
| Config ID | Okta | Used to construct endpoints required in the SAML authentication flow (e.g., receiving assertions, login requests). |
| Label | Okta | Appears on the sign-in button for authentication. |
| Metadata | see note | Paste the contents of the SAML metadata document you downloaded in the previous step from Okta. |
| Require signed assertions | Checked. | |
| Require signed envelopes | Checked. | |
After saving the SAML config, you should see a Sign in with Okta button on your Firezone portal sign-in page.