Skip to content

Okta Setup

Jump to bottom Edit New page
Mike Solin edited this page Aug 15, 2024 · 11 revisions

Okta - MunkiReport SAML configuration

In Okta

  • Navigate to your Okta admin dashboard -> Applications -> Applications
  • Click Create App Integration
  • Select SAML 2.0 and click Next
  • Under General Settings:
    • Enter an app name, e.g. MunkiReport
    • (Optional) Add an app logo (maybe this one)
    • Click Next
  • Under Configure SAML:
    • Single sign on (ACS) URL: https://your-munkireport-server/auth/saml/acs
    • Audience URI (SP Entity ID): https://your-munkireport-server/auth/saml/metadata
    • Name ID format: EmailAddress
    • Application username: Email
    • Attribute Statements: Name:email, Name format: Basic, Value: user.email
    • (Optional) Group Attribute Statements: Name:memberOf, Name format: Basic, Filter: Matches regex, Value: <eg: .*munki_admin.*>
    • Click Next
  • Under Feedback:
    • Select I'm an Okta customer adding an internal app
    • Click Finish
  • Navigate to your newly configured application in Okta
  • Select the Sign On tab
    • Under the sign on methods section and SAML 2.0, click View Setup Instructions
    • Keep this page open for the next part
  • Select the Assignments tab
    • Assign the app to your user(s) for testing

In your config (.env) file

In your MunkiReport .env file add
 the following:

AUTH_METHODS=SAML
AUTH_SAML_SP_NAME_ID_FORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
AUTH_SAML_IDP_ENTITY_ID=<Your Identity Provider Issuer>
AUTH_SAML_IDP_SSO_URL=<Your Identity Provider Single Sign-On URL>
AUTH_SAML_IDP_X509CERT=<YOUR CERTIFICATE>
AUTH_SAML_USER_ATTR=email
INDEX_PAGE=""

For AUTH_SAML_IDP_X509CERT, add it like so:

AUTH_SAML_IDP_X509CERT="-----BEGIN CERTIFICATE-----
blahblahblah
blahblahblah
-----END CERTIFICATE-----
"

If that gives you an error like docker: poorly formatted environment: variable '-----END CERTIFICATE-----' contains whitespaces, try reading the cert file contents before your docker run. Example:

certcontents=$(<certname.cert) && docker run -d --name="munkireport-php" -e AUTH_SAML_IDP_X509CERT="$certcontents" munkireport/munkireport-php:release-latest

Service Provider (SP) SAML config:
Next, visit https://your-munkireport-server/auth/saml/metadata to retrieve information about your SP configuration. You should see a page like the following:

That's it! Once you have the application configured, you can do an IdP-initiated sign-in through your Okta web portal/browser plugin, or by using the Identity Provider Single Sign-On URL copied from the SAML Setup Instructions in Okta.

Troubleshooting

For debugging add the following line to .env:
AUTH_SAML_DEBUG=TRUE

Additionally, you can use the SAML-tracer browser plugin to see where SAML is failing.

If you are still having issues, see these resources for getting support.

An Opensource project

Introduction

Setup

Server Configuration

Client Configuration

Upgrade

Modules

Securing MunkiReport

Customization

Misc

Developers

Clone this wiki locally