Guides
mabl helprelease notesfeature requestssystem status

SSO with SAML: Okta

Suggest Edits

This article outlines the SAML setup process using Okta for the mabl SSO integration. These steps should work with other SAML identity providers with a similar setup. If you use Azure, check out SAML setup: Azure.

Reach out to support

To initiate the SAML setup, reach out to mabl support through the in-app chat or by email: [email protected]. Tell support you'd like to configure a SAML connection and share a link to your mabl workspace.

📘

Helpful information

If your company wants to set up domain lock or configure the SAML connection for multiple domains, let the support team know:

  • Domain lock: all mabl logins from your company's domain must use SSO. Read mabl SSO integration for more details on domain lock.
  • Multiple domains: if some users log in to mabl with [email protected] and other users log in with [email protected], let the support team know which domains you want to use. You can only use domains that your company fully owns.

The support team will provide you with the following values, which are required to configure the SAML connection:

  • Single sign-on URL, also known as the reply URL
  • Audience URI

Configure a SAML connection

In Okta, create a new application and select SAML 2.0 for the sign on method. Click Next.

General settings

Write the app name "mabl" and upload a logo. You may use the following logo:

mabl logo

mabl logo

SAML settings

Enter the single sign-on URL and Audience URI provided by mabl support.

📘

OneLogin

If using OneLogin as your Identity Provider, enter the Audience URI value provided by mabl in both the "SAML Consumer Url" and "SAML Recipient" fields.

Attribute statements

Add the following required attributes:

  • Name: email
  • Name format: Basic
  • Value: user.email

Click Next to configure the final settings.

Final settings

To finish the setup, select the following settings:

  • "I'm an Okta customer adding an internal app"
  • "Contact App Vendor - It's required to contact the vendor to enable SAML."

Click the Finish button to complete the SAML configuration.

Share SAML config details with support

Click on the View Setup Instructions button and provide mabl with either of the following:

  • Metadata xml file
  • Identity provider single sign-on URL, identity provider issuer, and X.509 certificate in CER or PEM format

📘

X.509 Certificate Security

This is a public key certificate. This means there is no security risk passing this to mabl through normal channels.

After mabl gets this information and sets up the required connection to your SAML application, your organization can log in using SSO and restrict access using your identity provider of choice.

Updated almost 2 years ago