SAML Configuration

All of Aviator’s cloud accounts support Google SSO based login. Self-hosted Aviator deployments support Google, Okta, Active Directory, or other SAML SSO providers.

Google SSO

To setup Google SSO for on-premise installation, you will need to create Oauth authorization credentials in the Google developer console to identify the application to Google's OAuth 2.0 server.
  1. 2.
    Click Create credentials > OAuth client ID.
  2. 3.
    Select the Web application application type.
  3. 4.
    Name your OAuth 2.0 client and add the Javascript origins and redirect urls replacing the following with your domain.
5. Add the Google Client ID and Client Secret that is on this page to your docker .env file.
Restart the server, and Google SSO should work.

SAML 2.0

Aviator supports SAML 2.0 based authentication. To request SAML authentication for your account, please contact [email protected]. See instructions below for Okta. If you have any other identity provider, please contact us for instructions.

Okta setup

  1. 1.
    Sign into Okta as an administrator.
  2. 2.
    Switch to the Classic UI, using the drop-down in the upper left.
  3. 3.
    Go to Admin Dashboard > Applications > Add Application.
  4. 4.
    Click Create New App and choose SAML 2.0 as the Sign on method.
  5. 5.
    Enter General Settings for the application:
    • App name: Aviator
    • App logo (optional). You can download the application logo for the application, you can download one from here. [INSERT NEW LOGO]
  6. 6.
    Log into Aviator and go to SAML configuration page:
  7. 7.
    Copy the unique Single Sign on url, of format:<sso-key>
8. Enter SAML Settings, including:
  • Single sign on URL: enter the URL you copied in Step 6
  • Audience URI: mergequeue
  • Default Relay state: <leave empty>
  • Name ID format: EmailAddress
  • Application username: Email
9. Enter the attribute statements, which will be used to map attributes between Okta and Aviator. Please note that these values are case-sensitive.
10. Click Next. Then, set Okta support parameters for the application. Recommended settings:
  • I’m an Okta customer adding an internal app
  • This is an internal app that we have created.
11. Click Finish. On the next screen, click the Sign On tab and click on Identity Provider metadata.
12. Copy the url that it opens, this is your Metadata URL.
13. Go to the Assignments tab, and assign the app to the appropriate groups / users to access.
14. Go back to the SAML configuration page and update the following properties:
  • Metadata url: Paste the Metadata URL copied from step 11
  • Email domains to allow: enter your company email domain, e.g.
  • Click Save and Activate
This should enable the Okta configuration for your organization. Please verify this by logging out and logging in directly from Okta portal.
  • This is idp initiated authentication, so you can login in directly from the Okta portal.
  • It’s also recommended to post an announcement for your users to explain how the migration will work.
Contact: [email protected] if you have any issues with the setup.