This document offers guidance for those unfamiliar with Okta on configuring it as the identity provider for the Helix SAML solution. An experienced administrator is free to change these settings to whatever suits their environment (e.g. using "username" instead of the email address).
| Setting | Value |
|---|---|
| Single sign on URL | http://localhost:7070/saml/sso |
| Name ID format | EmailAddress |
You will need to add at least one "optional" attribute to the SAML configuration, otherwise the OneLogin python3-saml code will reject the response for lacking AttributeStatement. For example, add an attribute called fullName as the value; the format can be left unspecified.
Under the Assignments tab, add users to the application, otherwise Okta will reject the user when they attempt to sign in to the application.
On the application page, under Sign On, click the button to verify your SAML settings. On this page, there is a link to the Identity Provider metadata; copy that link for use by the trigger as the idpUrl value in the
Ensure the Helix Server instance has a Perforce user with an email address that matches the account on Okta, otherwise the SSO trigger will not recognize the user as valid. If you are using the username instead, then the Okta username must match the Perforce user name.
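
A preflight check for the two failure modes described above (a response with no AttributeStatement, and a NameID that matches no Perforce user), as an added example that is not part of the Helix SAML code. The function name, sample response and email list are constructed for illustration; it inspects a decoded response you captured yourself and does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: a decoded, unsigned response body, for illustration only.
SAMPLE_RESPONSE = """
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="fullName"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def preflight(response_xml, perforce_emails):
    """Return a list of configuration problems found in a decoded SAML response.

    Diagnostic only: run it on a response you captured from your own test
    login. It is not a substitute for the signature and condition checks
    that the SAML library performs.
    """
    problems = []
    root = ET.fromstring(response_xml.strip())
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion element found"]
    # The response is rejected when this element is absent.
    if assertion.find("saml:AttributeStatement", NS) is None:
        problems.append("no AttributeStatement: add at least one attribute")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("no NameID in Subject")
        return problems
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    # Assumption: exact string comparison against the Perforce user emails.
    if name_id.text.strip() not in set(perforce_emails):
        problems.append("NameID matches no Perforce user email")
    return problems
```

An empty list means the captured response carries an AttributeStatement and an email-format NameID that matches one of the supplied Perforce email addresses.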