| description |
|---|
Okta SSO for Forest Admin |
{% hint style="info" %} You must have one project in your organization with the plan Forest Admin Pro plan to access this feature. {% endhint %}
- In your Okta admin dashboard, click Create a new app integration
- Select SAML 2.0 and follow the wizard.
- Navigate to the Okta application you just created. Click on the Sign On tab, Metadata details section, and copy the
Metadata URLhead to Forest Admin, select XML file upload or XML file endpoint and paste theMetadata URLto the Metadata XML endpoint. - You can perform some tests before enabling it for your whole company..
| Setting | Description | Value |
|---|---|---|
| ACS URL* | Assertion Consumer Service URL is responsible for receiving the SAML response. Check Use this for Recipient URL and Destination URL | https://api.forestadmin.com/api/saml/callback |
| Audience URI (EntityID) | A globally unique name | forestadmin-OrganizationName |
| Name ID format | Should be email address used on Forest Admin accounts | Select EmailAddress |
| Application username | Select Email or let None | |
| Update application username on | Select Create and update | |
| (Optional) Default RelayState | Only useful for IDP-initiated login | {"organizationName": "<OrganizationName>", "destinationUrl": "organization.projects"} |
Check the steps below this if you encounter an issue:
- Double check all information (endpoints, certificate expiration dates, etc..)
- Make sure the
Name ID formatconfigured on your Identity Provider is the email address used on Forest Admin accounts too