SSO Setup with Okta in Zephyr
In this tutorial, you’ll learn how to integrate Zephyr Enterprise with Okta, which will provide the following benefits:
You can control user access to Zephyr Enterprise directly from Okta.
You can enable your users to be automatically signed-in to Zephyr Enterprise with their Okta accounts.
You can manage your accounts in one central location - the Okta portal.
Prerequisites
To configure Okta integration with Zephyr Enterprise, you need an Okta subscription.
Zephyr Enterprise supports IDP initiated SSO only
Configure OKTA single sign-on
1. Register at OKTA (purchase a licenses if you don't have one) and login to OKTA.
Enter your username and password.
Username :Â XXX
Password : XXX
2. After logging in the Okta portal, click on Admin page on the right side of the page.
3. Click on Add Applications and then click on the Create New App button.
4. Select SAML 2.0 in the Create a New Application Integration window and then click on the Create button.
5. In the General Settings, provide an App name, choose an App logo (if required) and then select the available options as you see fit. Click the Next button.
6. In the SAML Settings, provide the the Single sign-on URL, Audience URL and Application username.
For the Single sign-on URL and Audience URL, copy it from the Zephyr application.
Administration → UserAuthentication System → Single Sign-On Authentication system → Configuration Info
For the Application username, select either OKTA username or Email ID for how you want to validate users with Zephyr.
7. Fill in the required fields and any optional fields. After filling in the fields, click on the Next button.
8. Click on the Finish button.
9. On the next page, click on the View Setup Instructions button. Copy the same URLs and download the certificate (applications from the header menu at Okta, select Application and then select sign-on).
10. Copy the Identity Provider Single Single Sign-On URL (IDP SSO URL), the Identity Provider Issuer URL and download the certificate. Configure these within the Zephyr Connection Info section when setting up your SSO.
Administration → Authentication → Single Sign-On → Connection Info
Create Users and Assign People to Zephyr in Okta
1. Click on Directory and then click on People.
2. Click on the Add Person button.
3. After creating assigned users for the Zephyr application, the users will receive an email from Okta asking them to reset their password. The user can then update their password from the email link. After resetting the password, the user will be able to login.
Setup User Authentication to SSO in Zephyr
1. Login as a user with Administration access. Click on Authentication and then select Single Sign-On (SSO).
2. For the SSO URL and SSO Issuer ID, provide the details which we have copied from Okta before.
Identity Provider Single Sign-On URL (IDP SSO URL)
Identity Provider Issuer URL
Certificate File
3. Click on the Save button after filling in all the required information for SSO.
4. In User management, create the same users as it was in Okta with the expire credentials unchecked and then assign the users to the projects.
5. Logout of the account with user setup permissions and launch your Zephyr instance. This will show the login SSO as home page.
6. On the SSO page, log in with your Okta credentials. After entering in the correct credentials, it will log you into Zephyr directly.
When SSO is setup and enabled, the login flow will redirect you straight to the SSO login page and after entering in the correct credentials, it will directly log you into Zephyr. This minimizes the amount of steps to get logged into Zephyr.
Auto Provisioning
You can use the Auto Provisioning feature to automatically create a user account for any new user who logs in to Zephyr via SSO. The user accounts created this way have only the Dashboard User role and they do not consume a license.
To enable Auto Provisioning, navigate to Administration > Authentication, select Single Sign-On from the drop-down menu in the Authentication System section and enable auto provisioning:
To enable Zephyr to create user accounts automatically, you also need to specify the SAML attributes you have in your external SSO system in the fields of the Attribute Mapping section.
Â
Starting Release 8.2, Zephyr Enterprise documentation is moving from its current location on Atlassian to a dedicated, standalone Zephyr Enterprise Documentation page. https://support.smartbear.com/zephyr-enterprise/docs/en/welcome-to-zephyr-enterprise.html