The following guide will help you configure a SAML connection for single sign on authentication with Droplr using Okta.
In SAML terms, Droplr is a service provider (or “SP”) and your system is the identity provider (or IdP). Droplr supports both IdP-initiated Single Sign On and SP-initiated Single Sign On flows.
Droplr identifies single sign on connections based on email domains. For example, we will configure a connection for all emails under the “apple.com” domain and then everyone who tries to sign in with an email like “firstname.lastname@example.org” will be automatically sent to the IdP’s SSO flow.
Users signing in via the SAML connection will be automatically provisioned in Droplr.
1. Create SAML connection
In the Okta admin dashboard, create a new Application Integration.
Select SAML 2.0 and click “Next”.
2. Create SAML Integration
Under General Settings, enter the app name. Click “next” again.
Now, you must set your initial configuration values in your SAML settings.
For your single sign on URL, input https://auth.droplr.com/saml/ <your-email-domain.com>. For example, the URL for the droplr.com domain would be: https://auth.droplr.com/saml/droplr.com.
For your audience URI, input https://auth.droplr.com/saml/metadata.
Select “email” for the application username.
You can also add an optional attribute statement using the following format:
Name Format: Unspecified
Once you are finished setting your values, fill out the feedback form. Click on “I’m an Okta customer adding an internal app” and “It’s required to contact the vendor to enable SAML”. Then, click finish.
3. Send Droplr your XML metadata
To complete the single sign on connection, Droplr needs the link to your IdP XML metadata file. Once you’ve saved your application, you can obtain the link by going to the sign on settings shown here:
Click on “identity provider metadata” to access the metadata to send to Droplr.
4. Confirm that the SSO connection is working
One Droplr receives your IdP XML metadata file, we can activate the connection. You can test to make sure that the connection is working by logging in at https://auth.droplr.com/login with an email domain associated with the SSO connection. (For example: If you registered your SSO connection with the “apple.com” email domain, trying to login with “email@example.com” should activate the IdP sign on flow).
If you have any questions regarding how to configure your SAML connection with Droplr or if there is a problem with your Droplr SAML connection, please contact your account representative.