This guide provides step-by-step instructions on setting up Bitrise as a SAML application on Okta.
- an Okta administrator who is logged into Okta
- a Bitrise organization owner who is logged into his/her Bitrise organization (with Org Elite subscription)
Adding Bitrise to Okta ⚓
Bitrise is not an integrated app in Okta. You have to add Bitrise manually to Okta first, then you can configure SAML SSO on it.
We will be jumping back and forth from the Bitrise organization account to Okta so make sure both pages are available. In practice this means the organization owner should be logged into Bitrise and the Okta admin should be logged into Okta.
Log into Okta and click
On your Dashboard click
Click the green
Create New Appbutton.
Create a New Application Integrationscreen is displayed.
SAML 2.0option at
Sing on methodand click
General Settingsstep, type Bitrise into the
App namefield. (Optionally, you can add an app logo if you wish.) Click
- Head over to your Bitrise organization and click the
Single Sign Ontab on the left menu.
Copy Linkbutton to copy the Single Sign-On URL.
- Head back to Okta’s
SAML Settingsand paste the copied URL to the
Single sign on URLinput field.
Type Bitrise at the
Audience URI (SP Entity ID).
You can download the Okta certificate file now and paste its content in the
Certificatefield on your Bitrise org’s
Single Sign Onpage. Even easier if you leave it for later as you will need the
Identity provider sign-on URLfrom Okta anyway. You will fetch this while configuring Bitrise as a SAML app.
- Fill out the
Congrats! Bitrise has been successfully added to Okta as an app.
Configuring Bitrise as a SAML app ⚓
Assignmentstab of your Bitrise app.
Here you can assign Bitrise to individuals/groups. Make sure you assign Bitrise to all org members who will access the Bitrise org through SAML.
Sign-Ontab of your Bitrise app. You will see that SAML setup is not completed yet. Click
View Setup Instructions.
How to Configure SAML 2.0 for Bitrise applicationpage is displayed. It summarizes all the information you need to set up the SAML connection between Bitrise and Okta.
Identity Provider Single Sign-On URLand paste it in your Bitrise org’s
Identity provider sign-on URL.
If you haven’t pasted the Certificate into the respective field of your Bitrise org yet, you can do so now as it is displayed on this page.
Configure SSOon your Bitrise org.
Enabling SAML SSO on Bitrise ⚓
Once SAML SSO has been set up between the app and the identity provider, all org members (including the org owner) must enable their SAML SSO connection to the respective org to use SAML SSO as a login method.
- Check your mailbox (one associated with your Bitrise account) for an email notification sent by Bitrise (
firstname.lastname@example.org). All org members who have been invited to the Bitrise org receive this email from Bitrise.
Sign In via SSO. This link will take you to an authorization page where you have to click
Authorizeif you trust the organization.
NOTE: Below error message only appears if you’ve been trying to access the Authorization page in a Safari browser.
Error: The CORS policy for this site does not allow access from the specified Origin....
As a workaround, we suggest you to copy the URL and paste it in a new tab. It will work! For all other browser types, you should be safely landing to the
If all went well, you should be on your Bitrise Dashboard. If you go to the
Groups tab the organization, you can see that you are automatically added as a SAML user. All org members, who enable SAML SSO, appear here automatically.
Please note that at this stage, SAML SSO has not been enforced as the only gateway to the Bitrise org. You can only enforce it if all org members have completed the above steps. You can check each org member’s status (enabled or disabled) if you click the
Review Users button on the org’s
Single Sign-On tab.
Enforcing SAML SSO on the organization ⚓
To be able to sign into Bitrise exclusively via SAML SSO, you have to enforce SAML on the organization. Mind you! You can only enforce SAML SSO on the org, if all org members have enabled their SAML SSO connection.
- Toggle the
Enforce SAML SSOswitch to the right on the
Single Sign Ontab of the org.
From now on, org members will be able to log in exclusively via SAML SSO.