Set Up SAML Configuration
All of Aviator’s cloud accounts support Google SSO based login. Self-hosted Aviator deployments support Google, Okta, Active Directory, or other SAML SSO providers.
SAML 2.0
Aviator supports SAML 2.0 based authentication. To request SAML authentication for your account, please contact howto@aviator.co. See instructions below for Okta. If you have any other identity provider, please contact us for instructions.
Note for onprem users
Please replace app.aviator.co with with aviator.yourdomain.com in the instructions below.
Okta setup
Sign into Okta as an administrator.
Go to Admin Dashboard > Applications > Add Application. If you don't see that option, you might need to switch to the Classic UI, using the drop-down in the upper left.
Click Create New App and choose SAML 2.0 as the Sign on method.
Enter General Settings for the application:
App name: Aviator
App logo (optional). You can download the application logo for the application, you can download one from here.
Log into Aviator and go to SAML configuration page: https://app.aviator.co/saml/okta/configure
Copy the unique Single Sign on url, of format: https://app.aviator.co/saml/sso/<sso-key>
8. Enter SAML Settings, including:
Single sign on URL: enter the URL you copied in Step 6
Audience URI:
mergequeue
Default Relay state: <leave empty>
Name ID format:
EmailAddress
Application username:
Email
9. Enter the attribute statements, which will be used to map attributes between Okta and Aviator. Please note that these values are case-sensitive.
10. Click Next. Then, set Okta support parameters for the application. Recommended settings:
I’m an Okta customer adding an internal app
This is an internal app that we have created.
11. Click Finish. On the next screen, click the Sign On tab and go to SAML Signing Certificates and select SHA-2 Actions dropdown. Select View IdP metadata.
12. Copy the url that it opens, this is your Metadata URL. It should typically end with: /sso/saml/metadata
13. Go to the Assignments tab, and assign the app to the appropriate groups / users to access.
14. Go back to the SAML configuration page and update the following properties: https://app.aviator.co/saml/okta/configure
Metadata url: Paste the Metadata URL copied from step 11
Email domains to allow: enter your company email domain, e.g. example.com
Click Save and Activate
This should enable the Okta configuration for your organization. Please verify this by logging out and logging in directly from Okta portal.
Notes:
This is idp initiated authentication, so you can login in directly from the Okta portal.
It’s also recommended to post an announcement for your users to explain how the migration will work.
Contact: support@aviator.co if you have any issues with the setup.
Last updated