This article outlines the SAML setup process using Okta for the mabl SSO integration. These steps should work with other SAML identity providers with a similar setup. If you use Azure, check out SAML setup: Azure.
Reach out to support
To initiate the SAML setup, reach out to mabl support through the in-app chat or by email: firstname.lastname@example.org. Tell support you'd like to configure a SAML connection and share a link to your mabl workspace.
If your company wants to set up domain lock or configure the SAML connection for multiple domains, let the support team know:
- Domain lock: all mabl logins from your company's domain must use SSO. Read mabl SSO integration for more details on domain lock.
- Multiple domains: if some users log in to mabl with email@example.com and other users log in with firstname.lastname@example.org, let the support team know which domains you want to use. You can only use domains that your company fully owns.
The support team will provide you with the following values, which are required to configure the SAML connection:
- Single sign-on URL, also known as the reply URL
- Audience URI
Configure a SAML connection
In Okta, create a new application and select SAML 2.0 as the sign-on method. Click Next.
Enter "mabl" as the app name and upload a logo. You may use the following logo:
Enter the single sign-on URL and Audience URI provided by mabl support.
If using OneLogin as your Identity Provider, enter the Audience URI value provided by mabl in both the "SAML Consumer Url" and "SAML Recipient" fields.
Add the following required attributes:
Click Next to configure the final settings.
To finish the setup, select the following settings:
- "I'm an Okta customer adding an internal app"
- "Contact App Vendor - It's required to contact the vendor to enable SAML."
Click the Finish button to complete the SAML configuration.
Share SAML config details with support
Click on the View Setup Instructions button and provide mabl with either of the following:
- Metadata xml file
- Identity provider single sign-on URL, identity provider issuer, and X.509 certificate in CER or PEM format
The X.509 certificate is a public key certificate: it contains only the identity provider's public key, not a private key. This means there is no security risk in passing it to mabl through normal channels.
After mabl gets this information and sets up the required connection to your SAML application, your organization can log in using SSO and restrict access using your identity provider of choice.