Setup SSO with Okta

On Okta side

1. Navigate to Applications and click Create App Integration.
2. Select the Web Platform and SAML 2.0 as the Sign on method.
3. Enter app name and click on Next.
4. Provide the following SAML Provider details to Okta from Mailtrap :
  • Entity ID = Audience URI (SP Entity ID)
  • Assertion Consumer Service URL = Single sign on URL
  • Name ID format should be set to `EmailAddress`
  • Application username should be set to `email`.
4. (Optional) To apply role mapping please add used for mapping attribute in  Attribute Statements (optional)
5. Click Next and Finish.

On Mailtrap side

After configuration is ready on Okta side, next step would be to setup configuration on Mailtrap side.
In Okta, you will see info that “ SAML 2.0 is not configured until you complete the setup instructions”
1. Click “View Setup Instructions
2. Provide the following to Mailtrap from Okta:
  • IdP Entity ID (Identity Provider Issuer) = Identity Provider Issuer
  • Single Sign-on URL = Identity Provider Single Sign-On URL
  • X509 Certificate = X509 Certificate
3. Click Save in Mailtrap SSO configuration.
4. (optional) For Role mapping there is additional configuration, please find more details here  in Step 4: Role mapping section

SAML role mapping

There are different ways how you can configure your Okta to provide needed attribute to Mailtrap.

Mailtrap allows you to configure role attributes mapping (it's name and value). So you can configure will Mailtrap receive a role name from Okta or true|false as a value .

Example of receiving boolean values in Attribute value
Example with Role name in Attribute value

There are several ways to do it in Okta. The best way is to consult with your team with help with configuration.

Map Okta group names to Mailtrap permissions

  1. Create groups in Okta

    1. “MT Admin Group”
    2. “MT Viewer Group”

  1. Add users to groups
  2. Update Okta application SAML attributes mapping

    1. Update attribute statements to return new SAML attributes:

      isMailtrapAdmin with value isMemberOfGroupName("MT Admin Group")

      isMailtrapViewer with value isMemberOfGroup("00ggiqham4LuYTBPL5d7")

      1. isMemberOfGroup accepts group id. Group id can be taken from URL when visiting group page
    2. more about Okta expressions language here

  1. Add SAML attributes mapping in Mailtrap with same attribute names

Debugging Okta integration

You can use SAML tracer to debug your SAML integration with Mailtrap.

You need to see a proper Attribute Name and Attribute Value in SAML request from Okta and they should matched to the ones you specified in Mailtrap SSO settings.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us