Configure Single Sign-On (SSO) with Okta for the Mend Platform
Overview
This is a step-by-step guide for setting up our SAML Integration offering with the Identity Provider (IdP), Okta. Mend offers SAML integration for two purposes:
Authentication for login
Role Management (optional)
This article covers SAML integration for Authentication only. Information regarding Role Management can be found here: SAML 2.0 Integration
Common SAML Terminology Referred to in Okta
Assertion Consumer Service (ACS) URL: This is referred to as the Single sign on URL within the Configure SAML page when creating the Okta application.
Mend Entity ID: This is referred to as the Audience URI (SP Entity ID) within the Configure SAML page when creating the Okta application. This is also referred to as the Audience Restriction setting within the General → SAML Settings of your created Okta application.
Okta Entity ID: This information is provided via the Identity Provider Issuer setting within the Sign On → View Setup Instructions page of your created Okta application.
Metadata: For our purposes in this article, this information is provided via the View SAML setup instructions option within the Sign On tab of your created Okta application.
Prerequisites
Please confirm you have the proper permissions to create an application within your Okta organization.
Please confirm you are a Mend Admin in order to create the SAML integration within your Mend organization.
Getting it done
1. Within the Okta application, navigate to the Applications → Applications tab:
2. Within the Applications page, click on Create App Integration:
3. A pop-up window will appear, asking you to select a Sign-in method. Select the SAML 2.0 option, then click Next:
This will bring you to the General Settings page, where it will ask you to name the application and add an App logo. We recommend naming it Mend for consistency, as seen in the screenshot here:
This will bring you to the second step, the Configure SAML page. Here, it will ask you for the SAML configuration from the Mend side. Please see the required information below:
- Single sign-on URL: https://login-<environment>/login/callback?connection=wss-con-<orgUuid>
The Single sign-on URL can be found in the SAML Integration page on the Mend Platform, labelled as ‘Callback URL’.
- Audience URI (SP Entity ID): urn:auth0:<environment>:wss-con-<orgUuid>
The Audience URI can be found in the SAML Integration page on the Mend Platform, labelled as ‘Entity ID’.
Since this test Organization is in our SaaS environment, my SAML settings in Okta will look like this:
Scroll down to the bottom of the page and click Next.
We are now at the last step of creating the Mend application in Okta, the Feedback page. Since you are creating an internal application, you will want to select the “I'm an Okta customer adding an internal app” option, as seen here:
The rest of the information here is optional to fill in. Scroll down to the bottom of this page and click Finish.
This will open up the Sign On tab of your newly created Mend application. You will want to scroll down until you see the Metadata Details section; keep this information in mind for later:
Now, heading over to the Mend Platform, access the Mend organization that you wish to integrate with SAML and navigate to the Configure → Administration → SAML Integration sidebar option:
Within the SAML Integration tab, you will see the following required settings:
a. Signing Certificate URL: This is going to be the Metadata URL under the Sign On section of the SAML Application we have just created.
This will be in the format https://dev-<Unique-OKTA-ID>.okta.com/app/<Unique-SAML-Key>/SSO/SAML/Metadata
b. Email Domains section: In the Email Domains section add the email domain(s) used by your organization:
c. Key Attributes section: In the Key Attributes section, add the attributes from your IdP that match the Mend Platform key attributes provided (Name, Email, Group, and Role). You can typically find these attributes by viewing your IdP’s SAML assertion. Below is a simple example:
d. Role Mapping Section: In the Role Mapping Section, select the groups that are defined in Okta and map them to the groups created inside the Mend Platform.
Once finished, select Save in the top right-hand corner of the page. The settings are applied and a prompt confirming that they have been saved successfully will appear.
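The Key Attributes step above says to find the attribute names by viewing your IdP's SAML assertion, and the terminology section maps Okta's Identity Provider Issuer to the Okta Entity ID and the Audience Restriction to Mend's Entity ID. The following added example (not part of this article or of Mend's tooling) parses a decoded SAML response, lists the attribute names available for the Name/Email/Group/Role mapping, and checks that the Audience has the urn:auth0:<environment>:wss-con-<orgUuid> shape; the sample response, its issuer and its UUID are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Mend's Entity ID format from the article: urn:auth0:<environment>:wss-con-<orgUuid>
MEND_ENTITY_ID_RE = re.compile(r"^urn:auth0:[A-Za-z0-9.-]+:wss-con-[0-9a-fA-F-]{36}$")

# Constructed sample of a decoded Okta SAML response; issuer and UUID are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>http://www.okta.com/exkPLACEHOLDER</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://www.okta.com/exkPLACEHOLDER</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>urn:auth0:example-env:wss-con-00000000-0000-4000-8000-000000000000</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>mend-admins</saml:AttributeValue>
        <saml:AttributeValue>developers</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_assertion(xml_text):
    """Return the Okta issuer (Okta Entity ID), the Audience and the attribute map."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    audience = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience",
                                  default="", namespaces=NS)
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values  # candidates for the Key Attributes mapping
    return {"issuer": issuer, "audience": audience, "attributes": attributes}


def audience_matches_mend_entity_id(audience):
    """True when the Audience has the shape Mend shows as its Entity ID."""
    return MEND_ENTITY_ID_RE.fullmatch(audience) is not None


if __name__ == "__main__":
    info = parse_assertion(SAMPLE_RESPONSE)
    print("Okta Entity ID:", info["issuer"])
    print("Audience matches Mend Entity ID format:", audience_matches_mend_entity_id(info["audience"]))
    for name, values in info["attributes"].items():
        print(f"  {name}: {values}")
```

An Audience that fails the check means the Audience URI in the Okta application does not match the Entity ID shown on Mend's SAML Integration page, which is the setting to correct before saving.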
An assigned user of the application will be able to use the Mend Platform by specifying the relevant <environment> URL in the browser (e.g. https://saas-eu.mend.io).
Mend Platform and Okta (SSO)
This video provides a brief overview and demonstrates how to configure Single Sign-On (SSO) with Okta for the Mend Platform.