SSO with Okta SAML

Okta SAML Integration with LeanIX SMP

Information

This documentation is deprecated. Refer to it only if your Authentication & Authorization is still configured via the legacy SMP interface. For the latest documentation, refer to Authentication & Authorization.

Create a New Application in Okta

  1. In Okta admin, go to Applications, click Add Application, and then Create New App.

  1. Select Web as the Platform and SAML 2.0 as the Sign on method.

  1. Enter LeanIX SMP as the App name, upload an App logo, and then click Next.

  1. For the SAML settings step, you will need data from the LeanIX SMP settings. In the LeanIX SMP settings, select the Custom (SAML) option for Single Sign On.

In Okta, uncheck the option Use this for Recipient URL and Destination URL.

Copy the Single Sign On URL from LeanIX SMP and paste it into these Okta fields:
Single Sign on URL
Requestable SSO URLs (check that the Allow this app to request other SSO URLs option is enabled)

Copy the Reply URL from LeanIX SMP and paste it into these fields:
Requestable SSO URLs
Recipient URL
Destination URL

Copy the Identifier from LeanIX SMP and paste it under Audience URI (SP Entity ID).

Set Name ID format to Unspecified and Application username to Email.

  1. Under Attribute statements, set the attribute email (Unspecified format) and select the value user.email.

  1. Click Next, and then Finish in the next step.

  1. Click the View Setup Instructions button.

  1. Copy the IDP metadata found at the bottom of the page, create a new .xml file on your drive, and store the IDP metadata XML content in it.

Setup LeanIX SMP Okta SAML SSO

  1. In the SSO settings under Account settings in LeanIX SMP, select Custom (SAML) and upload the file you created earlier under Provider metadata.

  2. Set the Allowed domains (e.g. your-company.com) from which users are allowed to sign in.
  3. Last, click the Enabled checkbox and the Save changes for SAML button.
  4. You should now be able to sign in to LeanIX SMP using Okta.