SAML setup with Okta

(1) Set up Okta Developer Account

Follow these steps to set up SAML authentication using an Identity Provider (IDP) such as Okta.

(2) Create Application

(3) Set up IDP
Navigate to Organization -> Settings to set up Single Sign-on. Click on Add IDP to begin.

(4) Set SSO URL using IDP ACS URL and leave advanced settings as-is (signing algorithm should match IDP setting)

(5) Set Audience URI (SP Entity ID)

Mist supports two different Entity IDs: the generic https://saml.mist.com, or the SSO-specific https://saml-<domain>.mist.com.

For the latter Entity ID, the <domain> must be replaced with your SSO’s unique domain. This domain can be obtained from the IDP ACS URL found in the previous step (where the ACS URL is in the format https://api.mist.com/api/v1/saml/<domain>/login).

In this guide, our ACS URL is https://api.mist.com/api/v1/saml/gjkai47r/login
This means our SSO-specific Entity ID URL is then https://saml-gjkai47r.mist.com
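
An audience mismatch is a common reason a SAML login is rejected, so it helps to check the Audience URI before saving the application. The following is an added example, not code from Mist or Okta: it derives the SSO-specific Entity ID from the ACS URL format shown above and checks a candidate Audience URI against both accepted Entity IDs. The function names, the alphanumeric-only <domain> pattern, the restriction to the api.mist.com host used in this guide, and the exact string comparison are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

GENERIC_ENTITY_ID = "https://saml.mist.com"
# ACS path format as shown in this guide: /api/v1/saml/<domain>/login
# Assumption: <domain> is alphanumeric, like the guide's "gjkai47r".
ACS_PATH = re.compile(r"/api/v1/saml/([A-Za-z0-9]+)/login")
# Assumption: only the ACS host that appears in this guide is accepted.
ACS_HOST = "api.mist.com"


def sso_domain(acs_url):
    """Return the <domain> segment of an IDP ACS URL, or raise ValueError."""
    parts = urlsplit(acs_url.strip())
    if parts.scheme != "https":
        raise ValueError("ACS URL must use https")
    if parts.hostname != ACS_HOST or parts.port is not None:
        raise ValueError("unexpected ACS host: %r" % parts.netloc)
    if parts.query or parts.fragment:
        raise ValueError("ACS URL must not carry a query or fragment")
    match = ACS_PATH.fullmatch(parts.path)
    if not match:
        raise ValueError("path is not /api/v1/saml/<domain>/login")
    return match.group(1)


def accepted_entity_ids(acs_url):
    """Both Entity IDs described above for the SSO behind this ACS URL."""
    return [GENERIC_ENTITY_ID, "https://saml-%s.mist.com" % sso_domain(acs_url)]


def check_audience(acs_url, audience_uri):
    """True if the Audience URI to enter in Okta is an accepted Entity ID.

    Assumption: the comparison is an exact string match, so a trailing
    slash or another SSO's domain is reported as a mismatch.
    """
    return audience_uri in accepted_entity_ids(acs_url)


if __name__ == "__main__":
    acs = "https://api.mist.com/api/v1/saml/gjkai47r/login"  # value from this guide
    for candidate in ("https://saml-gjkai47r.mist.com",
                      "https://saml.mist.com",
                      "https://saml-gjkai47r.mist.com/",   # constructed: trailing slash
                      "https://saml-abcd1234.mist.com"):   # constructed: other domain
        print(candidate, "->", "ok" if check_audience(acs, candidate) else "MISMATCH")
```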

(6) Set User Attributes

(7) Save Application

(8) Get Setup Instructions

(9) Fill out the IDP fields using the provided values from Okta

Navigate back to Organization -> Settings to complete the Identity Provider setup.

Issuer = Identity Provider Issuer

Certificate = X.509 Certificate

SSO URL = Identity Provider Single Sign-On URL

(10) Create Roles

Choose any Name and Site Access

(11) Create admin with those roles

Title must match the Role Name created above

(12) Assign admin to Application

(13) Log in with SSO URL