Configure SAML SSO with Okta for your organization
Lightrun offers support for Single Sign-On (SSO) using Okta as the identity provider (IdP) by integrating Lightrun with the SAML 2.0 integration in Okta.
Using SAML, Lightrun functions as a service provider, receiving user authentication information from Okta, which serves as the external identity provider. When SSO is enabled, Lightrun is no longer responsible for user authentication, but still manages the redirection of login requests to the identity provider and verifies the integrity of the response from the identity provider.
Terminology
- Identity Provider (IdP): A service that manages user accounts, providing authentication services to applications. Lightrun supports Okta for this purpose.
- Service Provider: The website that hosts apps. In our case, it is Lightrun.
- Service Provider Entity UID: The URL that uniquely identifies your service provider. It is generated on the SSO page in the Lightrun Management Portal.
- Single Sign on URL: This endpoint URL is generated on the SSO page in the Lightrun Management Portal.
- Single Sign on Service URL: The URL used for sending authentication requests (SAMLAuthnRequest). It is generated in Okta.
The process of setting up SSO involves these main stages:
- Setting up the Lightrun-SAML integration in Okta.
- Configuring and enabling SSO in the Lightrun Management Portal.
Set up Lightrun SAML integration in Okta
Setting up the Lightrun integration in Okta includes these main steps.
STEP 1: COPY URLS IN LIGHTRUN MANAGEMENT PORTAL
- Log in to your Lightrun account.
- Navigate to the Identity and Access Management tab > Identity Configuration > Provisioning.
- To enable SSO, click the SSO toggle.
- Select Okta as your SSO Protocol.
- From the Service Provider's Redirect URL field, click Copy.
  This field will serve as the redirect URL used when configuring the identity provider.
- From the Service Provider's Entity ID field, click Copy.
  This field will serve as the unique identification of the SAML Service provider.
STEP 2: SET UP LIGHTRUN SAML INTEGRATION IN OKTA
- Sign in to Okta.
- In the Administration console, click the Application tab.
- Click Create App Integration, select SAML 2.0, and click Next.
  The Create Lightrun-SAML Integration page opens.
- Click on the General Settings tab.
- In the App name field, provide a name for the integration, for example, <lightrun-app>, and click Next.
- Proceed to the Configure SAML tab.
  The SAML Setting window opens.
- In the Single sign-on URL field, paste the URL you copied from the Single sign on URL field within the SSO page in the Lightrun Management Portal.
- In the Audience URI (SP Entity ID) field, paste the URL you copied from the Service provider entity ID field.
- In the Name ID format field, select EmailAddress from the list.
- In the Application username field, select Email from the list.
- Click Next.
- Fill in the feedback form, and click Finish.
Set up SSO in Lightrun
STEP 1: COPY URLS IN OKTA
- In Okta, access the <lightrun app> that you configured in the previous stage.
- Access the SSO tab, and copy the Sign-On URL. This URL will need to be pasted in the SSO page in the Lightrun Management Portal.
STEP 2: CONFIGURE AND ENABLE SSO IN LIGHTRUN
Setting up the SSO in the Lightrun Management Portal includes these main steps.
- Log in to your Lightrun account.
- Click Settings on the top right-hand side of your screen to navigate to the Identity and Access Management tab > Identity Configuration > Login methods > Provisioning section.
- To enable SSO, click the SSO toggle.
- Ensure that your external Identity Provider (IdP) is set to Okta.
- In the Identity Provider's SSO URL field, paste the Sign-On URL you copied in the Copy URLs in Okta step, which is used to send authentication requests (SAMLAuthnRequest).
- Click Save.