All Categories ​ > ​ ​Getting Started ​ > ​     Configuring SSO with Okta

Configuring SSO with Okta

Updated by Emily Chapman

This article walks through how to enable LinearB SAML auth using Okta as your IDP. For general SSO information, see this article.

Creating the LinearB integration in Okta

  1. Go to your Okta administration page and browse to Applications. Click on Create App Integration.
  2. In the Create New Application Integration select SAML 2.0
  3. In the Create SAML Integration wizard under the general tab, Type LinearB in the Application name, add application logo (downloadable file is below) and click on next.

2. Configure a SAML integration in your Okta

Your IDP Admin will need to configure a SAML 2.0 integration in your company IDP. They will need the following information from LinearB:

  • Callback URL/ACS URL - This will be dynamically generated in the LinearB app.
  • Audience URL/Entity ID = https://app.linearb.io/login
  • Set the Name ID format in the IDP to email
  • No attributes are required outside of the Name ID
  • Assign at least one user to the SSO application.
  • If needed, a LinearB logo can be downloaded here: LinearB Logo

Setup instructions

  1. In the Create SAML Integration wizard under the Configure SAML tab, copy/paste the LinearB URL. This can be found in the LinearB admin page Single Sign-On URL and the Audience URI text boxes.
    1. Single Sign-On URL: This can be copied from the LinearB settings page
    2. Audience URL: https://app.linearb.io/login
  2. In the Name ID format, select Email Address and click next.
  1. In the Create SAML Integration wizard under the Feedback tab, select the I’m an Okta customer adding an internal app and click Finish
  2. Go to the Assignment tab in your LinearB application, and click on Assign. Select People or Groups and add the team members which will have access to LinearB

3. Integrate the SSO Application with LinearB

  1. Go to the Sign-On tab in your LinearB SSO application, and click on the View SAML setup instructions
    1. Copy the Identity Provider Issuer from Okta and paste into LinearB 
    2. Copy the Identity Provider Single Sign-On URL from Okta and paste into LinearB
    3. Insert your Organization email domain
      1. Note that the domain must be correct. Also, generic domains (gmail.com, yahoo.com, hotmail.com) cannot be used as your organization email domain.
    4. Copy the X-509 Certificate from Okta and paste into LinearB

  1. Once pasted into LinearB, click the Save button, and set the "SAML Authentication" toggle button to ON.

Users logging in with SSO will be prompted to enter their email when they click on the SSO button on the LinearB login page.

How can I enforce SSO?

By checking the "Team members will only be able to access LinearB using your SSO provider" checkbox, LinearB will require all users logging in to access LinearB using their email address linked to your SSO provider.

If this checkbox is unchecked, users can log in using either SSO or the other auth versions available in LinearB.

How to validate the SAML login is working

There are two steps to verify your SSO has been configured correctly.

  • Browse to the user app dashboard in Okta, click on LinearB app. Expected result: Login to LinearB
  • Browse to LinearB login page, click on the SSO Icon and type your username. Expected result: Login with Okta

Inviting users to LinearB with SSO enabled

Once SSO is enabled, new team members will need to be added via your IDP's LinearB integration. Users added via your IDP integration will have "Viewer" permissions by default, LinearB admins can update user permissions from the LinearB user settings page here.

Users need to log in to LinearB with the same email/domain as is used in your SSO service. Email addresses are case sensitive.

How to disable SSO

SSO can be disabled by sliding the SAML Authentication button into the off position.

How did we do?

Powered by HelpDocs (opens in a new tab)