Skip to main content

Introduction

This guide will detail the various steps required to integrate Okta as a SAML provider for your env zero organization. The current implementation supports SAML 2.0 and is used for authentication only, where you define your users in your Okta account to enable them access to your env zero organization. You can also add env zero as an application in your user application dashboard.
In addition, we also support group syncing of the logged in user to match those with env zero teams.

Steps

  1. Login to the Okta admin console
  2. Go to the Applications > Applications
  3. Click on the Add Application button
  4. Click on the Create New App button
  5. Choose Web and SAML 2.0 and click on the Create button
  1. Set the application name to env zero and upload a logo and click on Next
  2. In the Single sign on URL enter https://login.app.env0.com/login/callback?connection=YOUR_ENV0_ORG_ID
  3. In the Audience URL (SP Entity ID) enter urn:auth0:env0:YOUR_ENV0_ORG_ID
    e.g. urn:auth0:env0:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
  4. In the Name ID format put Unspecified
  5. Click on the Show Advanced Settings
  1. Change the Assertion Encryption to be Encrypted and upload the PEM located here
  2. In the ATTRIBUTE STATEMENTS add the following:
NameValue
emailuser.email
firstNameuser.firstName
lastNameuser.lastName
name\{user.firstName} {user.lastName}
  1. Leave the rest of the default values and click Next
  2. If you would like to set up groups as well you should do the following:
  • In the Group Attribute Statements (optional) add and Attribute
  • The name should be teams and then set the filter according to what you wish. For example, to get all groups set a regex filter with the value of (.*?)
Teams syncingTeams will be synced each time a user logins with the following logic:
  1. env zero will create a new team if one doesn’t exists based on the group name we received from the SAML provider.
  2. If the team exists in env zero we will not create a new team.
  3. We will assign the user to all the teams in env zero based on the group names he/she is part of in the SAML provider..
  4. If the user was removed from a group in the SAML provider we will remove him/her from the team in env zero.
  1. Choose I’m an Okta customer adding an internal app and click on Finish.
  2. In the Sign on Tab and click on the View Setup Instructions button.
  3. Download the Okta Certificate
  1. Copy the Identity Provider Single Sign-on URL, then upload with the Okta Certificate to env zero setup SAML single sign-on