How do I configure Artifactory SAML SSO with Okta?

In Okta:

  1. Log in as a user with an administrator privilege to Okta

  2. Click on Add Application → Create New App → SAML 2.0

  1. Fill in App name: <desired_app_name>, click Next.

  2. In the SAML Settings fill in the following:

Single Sign-On URL: https://${ARTIFACTORY_URL}/webapp/saml/loginResponse (e.g. https://yourcompany.jfrog.io/yourcompany/webapp/saml/loginResponse)

Audience URI (SP Entity ID): https://${ARTIFACTORY_URL} (e.g. https://yourcompany.jfrog.io/yourcompany)

Name ID Format: Unspecified

Application username: Okta username (If you wish for Okta to use the part of the email address that comes before the "@" symbol as the username to log on to Artifactory, choose "Custom" instead of "Okta username" and in the "Custom Rule" fill in: ${f:substringBefore(user.email, "@")}  - see screenshot below)

 

  1. Click Next and then Click Finish.

  2. A "SAML 2.0" frame will appear under the "Settings" frame

  3. Click "View Setup Instructions"

  4. Copy the data from the text boxes and paste them in Artifactory's SAML settings

In Artifactory:

  1. Log in as a user with an administrator privilege

  2. Click on the "Admin" tab

  3. Click on "Security" (in the left menu)

  4. Click on "SAML Integration" (in the left menu))

  5. Copy each data from Okta (from Step 8 above) and paste it in Artifactory's UI:

 

Okta

Artifactory

Identity Provider Single Sign-On URL

SAML Login URL

Identity Provider Single Sign-On URL

SAML Logout URL

Identity Provider Issuer

SAML Service Provider Name

X.509 Certificate

SAML Certificate

 

  1. Click Save.

  2. Logout from Artifactory and go to the Login page.

  3. Click SSO Login.

Note that when creating users in Okta, don't forget to assign the Artifactory application for each user that will use Artifactory.

Groups sync (Artifactory 5.3.0 and above):

  1. Open your Artifactory application's settings in Okta

  2. Go to the 'General' tab and hit on Edit next to the 'SAML Settings' section

  3. Click on Next to get into SAML Settings section (Step 2)

  1. Go to the bottom of the page configure your group attribute and a filter for sending your desired Okta groups. When done click on Next and Finish.

  1. Configure the group attribute from step 3 under the Artifactory UI.

  2. Once logged in, your user will sync with the groups received from the Okta SAML assertion and the existing group in Artifactory.

This how it looks on Artifactory side: