Configure SAML SSO Authentication

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, such as an identity provider and a service provider.

SAML for single sign-on (SSO) allows users to authenticate through your company's identity provider when they log in to Magnify. SSO allows a user to authenticate once and then access multiple products during their session without needing to authenticate with each. SSO only applies to user accounts from your verified domains.

Configure Okta as Identity Provider

  1. To configure Okta as an IdP you must first create a new SSO application:
    1. Log in to your Okta developer account
    2. Click Admin on the upper-right corner
    3. On the admin Dashboard, click Add Applications in the Shortcuts section
    4. Click Create New App on the Add Applications page. The Create a New Application Integration window is displayed
    5. Select SAML 2.0 as the Sign on method
    6. Click Create
    7. In the App name field, enter a name for your application. The name you provide here is the name your users see in Okta for the Magnify widget.
    8. Click Next
    9. Click on the Configure SAML tab
    10. In the Single sign on URL field, enter https://auth.magnify.io/saml2/idpresponse
    11. In the Audience URI (SP Entity ID) field, enter urn:amazon:cognito:sp:us-west-2_v758XlR8K
    12. Click on the Feedback tab
    13. Select the I’m an Okta customer adding an Internal app radio button
    14. Click Finish
  2. Once the above steps are completed, you will then need to configure the attribute mappings for the application. Currently, the only attribute Magnify requires is email. Therefore, you will need to map your SSO email attribute to email within the application you are configuring. An example can be seen below. 

     

    When mapping SAML metadata during SSO setup, it is crucial to select the correct email address attribute. Some identity providers may include multiple email attributes in the metadata, and selecting the incorrect one can result in null values being returned. This will lead to delays in the setup process.

    To avoid issues:

    1. Confirm with your Identity Provider (IdP) administrator which attribute corresponds to the primary email address.
    2. Ensure the chosen attribute aligns with the email format used in your application.

    Double-checking this step will help ensure a smooth and efficient SSO integration.


    [Screenshot: example attribute mapping]
  3. After completing step 2, provide Magnify with the SAML metadata configuration in XML format through one of the following means:
    1. SAML metadata URL that Magnify can use to fetch the metadata.
    2. Raw XML file that contains the SAML metadata.
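
The following pre-flight check is an added example, not Magnify or Okta code: it inspects a decoded SAML assertion (for instance, one copied from your IdP's assertion preview) for the Single sign on URL, Audience URI, and `email` attribute described in the steps above. It assumes the mapped attribute is named exactly `email`; the helper names and the sample assertion are constructed for illustration. It does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://auth.magnify.io/saml2/idpresponse"   # Single sign on URL (step 1.10)
AUDIENCE = "urn:amazon:cognito:sp:us-west-2_v758XlR8K"  # Audience URI (step 1.11)

def check_assertion(xml_text, verified_domain):
    """Return a list of problems in a decoded SAML assertion (empty list = OK)."""
    # SAML never needs a DTD; refuse it rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DOCTYPE/ENTITY declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append(f"Audience {audiences} does not include {AUDIENCE}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient {recipients} does not include {ACS_URL}")
    # Assumption: the mapped attribute is named exactly "email" (case-sensitive).
    attrs = [a for a in root.iterfind(".//saml:Attribute", NS) if a.get("Name") == "email"]
    values = [(v.text or "").strip()
              for a in attrs for v in a.iterfind("saml:AttributeValue", NS)]
    if not attrs:
        problems.append("no attribute named 'email'")
    elif not any(values):
        problems.append("'email' attribute is empty (wrong source attribute mapped?)")
    elif not all(v.lower().endswith("@" + verified_domain.lower()) for v in values if v):
        problems.append(f"'email' value {values} is outside {verified_domain}")
    return problems

def sample_assertion(attribute_xml):
    """Constructed, unsigned test assertion; not a capture from a real IdP."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>{attribute_xml}</saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    good = '<saml:Attribute Name="email"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>'
    null = '<saml:Attribute Name="email"><saml:AttributeValue/></saml:Attribute>'
    for label, attr in (("good", good), ("null email", null)):
        print(label, check_assertion(sample_assertion(attr), "example.com"))
```
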

Please note: Magnify currently supports SSO login via app.magnify.io and does not support IdP direct login (directly from within your SSO provider app).
