Create SAML application in Okta
Select SAML 2.0 for Sign-in method.
For App name, choose a name that you can easily remember.
Configure the host for your redirect URLs:
- Single sign-on URL:
http://{MKE hostname}/callback
- Audience URI (SP Entity ID):
http://{MKE hostname}/callback
- Attribute statements:
  - Name: email
    Value: user.email
  - Name: name
    Value: user.login
Click Save.
Click Finish.
Navigate to the Assignments tab:
a. Click Assign -> Assign to people.
b. Click the blue Assign button that corresponds to the account you want to use for authentication.
Okta generates the ssoURL and certificate under the Sign On tab. The ssoURL is the MetadataURL with the final metadata removed from the path.
Download the certificate to the system from which you will run mkectl:
a. Navigate to the SAML Signing Certificates section.
b. Click Actions for the active certificate and initiate the download.
Run the mkectl apply command with your MKE configuration file.
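A pre-flight check for the values gathered above, as an added example that is not part of the Okta or MKE tooling: it derives the ssoURL from the MetadataURL as described and confirms the downloaded file is a usable signing certificate before you run mkectl apply. The function names, the https requirement, and the 30-day expiry threshold are assumptions of this example, and it requires the openssl command.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before `mkectl apply`.
# Function names and the 30-day threshold are assumptions of this example.

# Derive the ssoURL by dropping the final "metadata" path segment.
sso_url_from_metadata() {
    url=$1
    case $url in
        https://*) ;;
        *) echo "metadata URL must use https: $url" >&2; return 1 ;;
    esac
    case $url in
        *\?*|*\#*) echo "unexpected query or fragment: $url" >&2; return 1 ;;
    esac
    url=${url%/}                       # tolerate one trailing slash
    case $url in
        */metadata) printf '%s\n' "${url%/metadata}" ;;
        *) echo "URL does not end in /metadata: $url" >&2; return 1 ;;
    esac
}

# Confirm the downloaded file parses as an X.509 certificate and is not
# expired or due to expire within the next 30 days. Prints the subject,
# end date and SHA-256 fingerprint so they can be compared with the
# values shown in the Okta console.
check_signing_cert() {
    cert=$1
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256 \
        || { echo "$cert is not a valid certificate" >&2; return 1; }
    openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) >/dev/null \
        || { echo "$cert expires within 30 days" >&2; return 1; }
}

# Usage: sh preflight.sh <metadata-url> <cert-file>
if [ $# -eq 2 ]; then
    sso_url_from_metadata "$1" && check_signing_cert "$2"
fi
```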