Prerequisites
Salto SAML integration is available for enterprise customers (see information about plans here: https://www.salto.io/pricing).
Contact support@salto.io in order to initialize the process.
Supported features
IdP-initiated SSO
SP-initiated SSO
JIT provisioning
Configuration steps
In your Okta Admin Console, browse the app catalog, search for the Salto application, and add it.
For connection_name, use either the value you got from Salto or your domain name with hyphens instead of dots, e.g.:
acme.com → acme-com
acme.co.uk → acme-co-uk
After creating the application, select the Sign On tab, then download the Signing Certificate and copy the Sign on URL.
Contact the Salto support team (support@salto.io) and ask to enable SAML 2.0 for your account, providing:
Signing Certificate you downloaded
Sign On URL you copied
The connection_name you used (either provided by Salto, or chosen as noted above)
If you also have a Sign Out URL
The Salto support team processes your request and provides you with an Encryption Certificate (PEM) that will be used to set up SAML login on your side.
In your Okta Admin Console, select the Sign On tab for the Salto app, then click "Edit" and fill in the form with the details provided by the Salto support team.
Your SAML configuration for Salto is complete. You can start assigning users and groups to the application.
For IdP-initiated SSO, after clicking the Salto app in Okta, you will be redirected to https://app.salto.io/
For SP-initiated SSO, navigate to https://app.salto.io/login and enter your email address.
Troubleshooting
If you encounter any issue during the process, or see a generic access denied message after authenticating through Okta, consult the Salto support team (support@salto.io).
Please note that the Org Admin user in Salto must invite other users to the org; otherwise, new users who log in via SSO will not be able to access the Salto application.
See this article about inviting members for more information: