Okta

SSO with Okta is available on Postman Enterprise plans.

To configure SSO with Okta, you can use the available Postman Okta app, use the SCIM 2.0 test app (Header Auth), or create a custom SAML application in Okta. You must be an administrator in both Okta and Postman to configure SSO for your team.

Configuring SSO with Okta

Before configuring SSO in Okta, you must configure SSO in Postman. When choosing the Authentication Type, select Okta. Name your authentication and Continue.

Configure identity provider details in Postman

To continue configuring SSO with Okta, choose one of the following:

Configuring SSO using the Postman Okta app

To continue configuring the Postman app in Okta, do the following:

If you're planning to configure SCIM provisioning through Okta, note that updating group information from Postman to your identity provider (IdP) isn't supported in the Postman Okta app. If you want to use this SCIM provisioning feature, configure SSO using the SCIM 2.0 test app (Header Auth).

  1. Open your Okta admin console in a new tab.

  2. Go to Applications, and then select Applications.

  3. Select Browse App Catalog.

    Create new Okta app

  4. Search for "Postman". Select the Postman app from the results, and then select Add Integration.

    Add Postman integration

  5. In the General Settings screen, enter an application label you'll recognize later, and then select Done.

  6. Select the Sign On tab, and then select Edit.

    View sign on method settings

  7. Take the Relay state generated from Postman and add it as your Default Relay State. Upload the Encryption Certificate downloaded from Postman. Take the ACS URL from Postman and add it to your configuration in Okta, and then select Save.

    Edit sign on method settings

  8. Select View SAML setup instructions to display SAML configuration instructions, including the identity provider (IdP) details.

    View identity provider details

  9. In Postman, enter the SSO URL, Identity provider issuer, and X.509 Certificate individually under Identity provider details.

  10. Select Save Authentication in Postman.

Configuring SSO using the SCIM test app

To continue configuring the SCIM 2.0 test app (Header Auth) in Okta, do the following:

Configure the SCIM 2.0 test app (Header Auth) if you're planning to configure SCIM provisioning through Okta, and you want to update group information from Postman to your IdP. If you don't need this SCIM provisioning feature, configure SSO using the Postman Okta app.

  1. Open your Okta admin console in a new tab.

  2. Go to Applications, and then select Applications.

  3. Select Browse App Catalog.

    Create new Okta app

  4. Search for "SCIM 2.0 Test App (Header Auth)". Select the app from the results, and then select Add Integration.

    Add new Okta SCIM test app

  5. In the General Settings tab, enter an app name you'll recognize later, and then select Next.

  6. In the Sign-On Options tab, take the Relay state generated from Postman and add it as your Default RelayState.

    Okta SCIM test app SAML settings

  7. Under Advanced Sign-on Settings, take the Login URL from Postman and add it as your Login URL. Take the ACS URL from Postman and add it as your ACS URL. Take the Entity ID from Postman and add it as your Audience URI. Then select Done.

    Okta SCIM test app advanced settings

  8. Select the Sign On tab, and then select View SAML setup instructions to display the IdP details.

  9. In Postman, enter the SSO URL, Identity provider issuer, and X.509 Certificate individually under Identity provider details.

  10. Select Save Authentication in Postman.

Configuring SSO using a custom SAML app

To continue configuring your custom SAML application, do the following:

You can't use a custom SAML app to configure SCIM provisioning through Okta.

  1. Open your Okta admin console in a new tab.

  2. Go to Applications, and then select Applications.

  3. Select Create App Integration.

    Create new custom Okta app

  4. In the Create a new app integration screen, select SAML 2.0 and then select Next.

    Select sign-in method

  5. In the General Settings tab, enter an app name you'll recognize later, and then select Next.

  6. In the Configure SAML tab, take the ACS URL from Postman and add it as your Single sign-on URL. Take the Entity ID from Postman and add it as your Audience URI (SP Entity ID). Take the Relay state generated from Postman and add it as your Default RelayState. Select EmailAddress as the name ID format.

    Configure custom SAML settings

  7. Select Show Advanced Settings. Select Encrypted as the assertion encryption, AES128-CBC as the encryption algorithm, and RSA-1.5 as the key transport algorithm. Upload the Encryption Certificate downloaded from Postman, and then select Next.

    Configure advanced custom SAML settings

  8. In the Feedback tab, select I'm an Okta customer adding an internal app. Select This is an internal app that we have created as the app type, and then select Finish.

  9. Select the Sign On tab, and then select View SAML setup instructions to display the IdP details.

    View identity provider details

  10. In Postman, enter the SSO URL, Identity provider issuer, and X.509 Certificate individually under Identity provider details.

  11. Select Save Authentication in Postman.

Next steps

Now that you've set up SSO with Okta using the Postman app or the SCIM 2.0 test app (Header Auth), you can learn about setting up SCIM provisioning:

Last modified: 2023/01/19

Postmanaut dancing. Illustration.