Introduction

SP-Initiated SAML is a Single Sign-On (SSO) plugin that allows users to sign in to Joget by authenticating with their preferred identity management platform (IDM), provided it supports the SAML protocol.

Source Code and Plugin Download

  1. Please visit https://github.com/jogetoss/sp-saml-directory-manager for the plugin's source code.
  2. You can find the latest release at https://github.com/jogetoss/sp-saml-directory-manager/releases.
  3. Upload the plugin to your Joget by navigating to Settings > Manage Plugins > Upload Plugin as admin.

Sample Setup using OKTA

Sample Screen Flow using OKTA As Provider

We will use OKTA as the IDM provider in this article to walk through the steps of setting up the plugin. After it is enabled, the login page shows an additional (blue) login button, as shown in Figure 1.

Figure 1: Joget Login screen

Upon clicking on the blue login button, the user will be redirected to Okta.

Figure 2: Login Page using Okta IDP

Upon successful login in Okta with your registered email, you will be redirected back to Joget.

Create App Integration

Go to your Okta developer account, and navigate to Applications > Create App Integration.

Figure 3: Okta Developer Dashboard - Creating App Integration

Choose SAML 2.0.

Figure 4: App Integration - SAML 2.0

After selecting SAML 2.0, pick a meaningful app name to represent Joget.

You may click on "Do not display application icon to users" if you do not want this app to appear in Okta's end user interfaces.

Figure 5: General Settings

In the next screen, we are required to provide the SSO URL and the SP Entity ID.

Figure 6: SAML Settings

In Joget, navigate to System Settings > Directory Manager Settings and select the SAML Service Provider Directory Manager as seen in Figure 7.

Figure 7: Select Plugin

Once selected, you should be directed to the next screen in Figure 8. If not, please click on Configure Plugin.

Figure 8: Plugin Configuration

Copy the Entity ID. 

Go back to the Okta page and paste the value into:

  • Single sign-on URL
  • Audience URI (SP Entity ID)

Change Name ID format to EmailAddress.

Figure 7: SAML Setting (General)

Scroll down to Attribute Statements (optional) and fill in the attribute mappings. The mappings are needed to identify the users who will be logging in.


Figure 8: Attribute Statements

| Name | Value |
| --- | --- |
| firstName | user.firstName |
| lastName | user.lastName |
| email | user.email |

Complete the rest of the steps by clicking on Next and Finish. You may choose "I'm an Okta customer adding an internal app" for your testing purpose.

We are done setting up the app integration on Okta. Next, we need to configure Joget to point to Okta.

Edit the app integration that we have just created on Okta.

Figure 9: Obtaining Metadata

Copy the Metadata URL and open it in a new window. Copy the entire content.

Figure 10: Metadata

Paste the content into Metadata in Joget.

Figure 11: Paste Metadata into Joget SAML Plugin

Scroll down to the SHA-2 certificate and download it.

Figure 12: Download Certificate

Figure 13: Okta Certificate

Open the certificate in a text editor, copy its content, and paste it into Joget.

Figure 14: Paste the Cert Content into Joget SAML Plugin
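Before saving, it is worth confirming that the certificate file and the metadata describe the same signing key. The following check is an added example, not part of the plugin or of Okta: the function names are hypothetical, the sample metadata and certificate bytes are constructed placeholders, and it assumes the metadata lists the standard SAML emailAddress NameID format chosen earlier.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def fingerprint(b64_text):
    """SHA-256 over the decoded bytes of a base64 certificate body."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def pem_body(pem):
    """Base64 body between the BEGIN/END CERTIFICATE lines of the downloaded file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return m.group(1)

def check_idp_metadata(metadata_xml, cert_pem):
    """Cross-check the metadata and certificate before pasting them into the plugin."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata containing a DTD is refused")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    signing = [fingerprint(c.text or "")
               for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")
               for c in kd.iterfind(".//ds:X509Certificate", NS)]
    formats = [(f.text or "").strip() for f in idp.findall("md:NameIDFormat", NS)]
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"),
            "cert_matches": fingerprint(pem_body(cert_pem)) in signing,
            "email_nameid": EMAIL_FORMAT in formats,
            "sso_https": bool(sso) and all(u.startswith("https://") for u in sso)}

# Constructed sample input: placeholder bytes, not a real certificate or a real Okta tenant.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://idp.example/constructed">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
   <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example/constructed/sso/saml"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA, SAMPLE_PEM))
```

A `cert_matches` value of `False` means the pasted certificate is not one of the signing certificates in the metadata, so the two fields in the plugin would disagree about which key signs assertions.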

You may want to tick User Provisioning Enabled so that the first time a user signs in to Joget through SSO, a user account is created in Joget and the user is able to continue to log in to Joget.

Figure 13: Configure User Attributes

Configure User Attributes based on the mappings below.

| Name | Value |
| --- | --- |
| First Name Attribute | firstName |
| Last Name Attribute | lastName |
| Email Attribute | email |

The "Value" here corresponds to the "Name" column that we declared in the Attribute Statements (Figure 8) earlier.

Up to this point, we have successfully created app integration in Okta and configured the SAML plugin in Joget.

No users from Okta are able to log in using this mechanism yet. Continue to read on.

Add Users to App Integration

We will need to assign user(s) to the app. Navigate to Applications > Assignments > Assign.

Figure 14: Assign Users to App

Once assigned, the selected users are now able to SSO into Joget using their identity in Okta.