How to Configure SAML 2.0 for Inflection.io

This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.

This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.

Read this before you enable SAML
Enabling SAML will affect all users who use this application, which means that users will not be able to sign in through their regular sign-in page. They will be able to access the app through the Okta service.

Backup URL
Inflection.io doesn't provide a backup sign-in URL where users can sign in using their regular username and password. You can contact Inflection.io Support (team@inflection.io) to turn off SAML, if necessary.

Contents

• Supported Features

• Configuration Steps

• Notes

Supported Features

The Okta/Inflection.io SAML integration currently supports the following features:

• SP-initiated SSO

• IdP-initiated SSO

• JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

1. Sign in to Inflection.io.
‍
2. Go to Settings and enter the following:

The values for the following settings can be found on the Sign On tab of the Inflection Okta Application under "Metadata Details"

- Single Sign-On URL
- IDP Issuer
- Certificate

• Make a copy of your Organisation Slug value.‍

• Single Sign-On URL: Copy and paste the following:
  
  Sign On tab of the Inflection Okta Application under "Metadata Details" >> Sign on URL

• IDP Issuer: Copy and paste the following:
  
  Sign On tab of the Inflection Okta Application under "Metadata Details" >> Issuer

• Certificate: Download the certificate and save, then open in a text editor to get the value.
  
  Sign On tab of the Inflection Okta Application under "Metadata Details" >> Signing Certificate

• Click Save Changes.

3. In Okta, select the Sign On tab for the Inflection.io SAML app, then click Edit.‍

• Encryption Certificate: Save the following encryption certificate as encryption.crt then upload it to Okta.
  
  -----BEGIN CERTIFICATE-----
  MIIDADCCAmmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBnDELMAkGA1UEBhMCdXMx
  EDAOBgNVBAgMB1NlYXR0bGUxFjAUBgNVBAoMDUluZmxlY3Rpb24uaW8xFjAUBgNV
  BAMMDWluZmxlY3Rpb24uaW8xEDAOBgNVBAcMB1NlYXR0bGUxFjAUBgNVBAsMDUlu
  ZmxlY3Rpb24uaW8xITAfBgkqhkiG9w0BCQEWEnRlYW1AaW5mbGVjdGlvbi5pbzAe
  Fw0yMTA5MTMxMzU0MDJaFw0yNDA2MDkxMzU0MDJaMIGcMQswCQYDVQQGEwJ1czEQ
  MA4GA1UECAwHU2VhdHRsZTEWMBQGA1UECgwNSW5mbGVjdGlvbi5pbzEWMBQGA1UE
  AwwNaW5mbGVjdGlvbi5pbzEQMA4GA1UEBwwHU2VhdHRsZTEWMBQGA1UECwwNSW5m
  bGVjdGlvbi5pbzEhMB8GCSqGSIb3DQEJARYSdGVhbUBpbmZsZWN0aW9uLmlvMIGf
  MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO9CWG+eZPHiNa7aeXe3ODq0ycFpHw
  pubHMVKvjTJaUua6tj+Ldb5aT5+PA7dlk4yP2OxeJZPvW33aDdmAALexLpHZj0Y6
  7owWIhHokejHAl/LL7JAItkOOrIJBaSTPdTlRhk7hvddKXGi9+xUDmmfxgGINDvM
  xVyLrpIliy7/kwIDAQABo1AwTjAdBgNVHQ4EFgQUg4C+MHYZk0ARLibvY1ZaZw6H
  +ZIwHwYDVR0jBBgwFoAUg4C+MHYZk0ARLibvY1ZaZw6H+ZIwDAYDVR0TBAUwAwEB
  /zANBgkqhkiG9w0BAQ0FAAOBgQCprBxkRMjPdUHFyXTtW5nmzO8bHSUDREJjHQ8w
  sJvuTqsiO5RqmG6N+ok1jLfXG9yvDz8zsI/busDySkoFiC037MOKBIvZe+21ImjN
  wttoLTJWDhdkWe0ru5UmDCLAKgo2qqf5Nhk0dVz7859uezXFwDi/MHZwb6QlhKL9
  8J1ezw==
  -----END CERTIFICATE-----
  
  ‍

• Scroll down to Advanced Sign-on Settings.
  ‍

• Enter your Organisation Slug (step 2) into the corresponding field.
  ‍

• Click Save.
  ‍

• Application username format: Select Email.
  ‍

4. Done!

Notes

The following SAML attributes are supported:

SP-initiated SSO

1. Go to: https://app.inflection.io/login/start

2. Enter your email, then click Continue.

3. Click Continue with Okta.