This documentation relates to QuickBuild 10.0.x
Select here if you are using a different version

Single Sign-On with Okta

Added by Robin Shen, edited by Robin Shen on Feb 22, 2020
You are viewing an old version (v. 4) of this page.
The latest version is v. 9, last edited on Feb 12, 2021 (view differences | )
<< View previous version | view page history | view next version >>

Purpose

This tutorial demonstrates how to set up QuickBuild to authenticate via Okta using SAML protocol

Assumptions

  1. QuickBuild is accessed via https://build.example.com

Steps

  1. Login to your organization account at Okta, and switch to Classic UI from Developer Console
  2. Add Okta group qb.developers and qb.testers and add your current Okta account into these groups
  3. Create new application in Okta, with platform being Web and sign in method being SAML 2.0:
  4. Fill in general setting of the application, and click next:
  5. Fill in SAML settings as below and click next:
  6. Select appropriate options in feedback page and click finish:
  7. Okta will bring you to the Sign On tab after clicking finish button above. From here, click the Identity Provider Metadata link to show the content:
  8. Copy the metadata XML into clipboard
  9. Now login to QuickBuild, navigate to page Administration/Security Setting and select SSO via SAML2 as SSO Provider. Paste the copied metadata in above step into field IdP Metadata
  10. Run below commands to generate SP private key and self-signed SP certificate: 
    openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout sp-key.pem -out sp-cert.crt
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in sp-key.pem -out sp-key-pkcs8.pem

    Copy content of file sp-key-pkcs8.pem into field SP Private Key, and content of file sp-cert.crt into field SP Cert

  11. Specify email for field Email Attribute, and group for Group Names Attribute. Attributes specified here should be the same as you've specified at Okta side
  12. Specify a default group if necessary and save the setting
  13. Navigate to Group Management page and define groups with same name as we've defined in Okta, and assign appropriate permissions:
  14. Navigate to page Administration/System Setting, and make sure property Url to Access QuickBuild is specified as _https://build.example.com_
  15. Now logout and visit _https://build.example.com_ (must visit the url defined in system setting), the sign in page should display a SSO login button
  16. Click this button and you will be taken to Okta site for authentication. If authenticated successfully, you will be logged into QuickBuild.
    You can still login to QuickBuild with normal user/password without clicking the SSO button
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.