Configuring SSO

Enterprise users can sign in to OmniAI via SAML single sign-on (SSO).

Setting up SSO with Okta

This guide covers setting up an SSO connection with Okta, but the same steps apply to other SSO providers. The general process is:

  1. Creating a SAML 2.0 application in your provider

  2. Configuring the application with your OmniAI callback URL

  3. Establishing an SSO connection using the Metadata URL

Step 1: Create a new app integration

You must select the SAML 2.0 application type.

Step 2: Configure your application

Set the Single sign-on URL, Audience URI, and Name ID format. If you are hosting Omni on a domain, the Single sign-on URL will be api.domain.com/api/callback/saml and the Audience URI will be domain.com. The Name ID format must be EmailAddress.

Under Attributes, it's required that you map firstName, lastName, and email. If presented with a checkbox on the final page, select "I'm an Okta Customer adding an internal app".

Step 3: Retrieve Metadata URL

Once you've created your app, you will see a Metadata URL. This is what OmniAI uses to establish an SSO connection. Copy that URL for the final step.

Step 4: Create SAML connection on OmniAI

Retrieve the Metadata URL from Okta and pass it as an argument to the /create-saml-connection API endpoint. The tenant is the top-level domain that users are expected to sign in with. For example, if I authenticate with tyler@getomni.ai, the tenant must be getomni.ai.

curl --location 'https://api.getomni.ai/create-saml-connection' \
--header 'Content-Type: application/json' \
--data '{
    "tenant": "getomni.ai",
    "metadataURL": "https://dev-1234.okta.com/app/abcd/sso/saml/metadata"
}'

After a successful request, you will receive a 200 response with additional metadata about your SAML connection. You can then sign in from your Okta console or via the OmniAI login page.

API Endpoints

The following API endpoints are available for creating and managing SAML connections.

POST /create-saml-connection

GET /get-saml-connections

DELETE /delete-saml-connection

Create new SAML Connection

Create a new SAML connection using your metadata URL.

curl --location 'https://api.getomni.ai/create-saml-connection' \
--header 'Content-Type: application/json' \
--data '{
    "tenant": "getomni.ai",
    "metadataURL": "https://dev-1234.okta.com/app/abcd/sso/saml/metadata"
}'

Example Response

{
    "samlConnection": {
        "defaultRedirectUrl": "https://app.getomni.ai/api/auth/callback/saml",
        "redirectUrl": [
            "https://app.getomni.ai/api/auth/callback/saml"
        ],
        "tenant": "getomni.ai",
        "product": "omni",
        "clientID": "CLIENT_ID",
        "clientSecret": "CLIENT_SECRET",
        "forceAuthn": false,
        "sortOrder": null,
        "idpMetadata": {
            "sso": {
                "postUrl": "https://dev-1234.okta.com/app/dev-1234/abcd/sso/saml",
                "redirectUrl": "https://dev-1234.okta.com/app/dev-1234/abcd/sso/saml"
            },
            "slo": {},
            "entityID": "http://www.okta.com/abcd",
            "publicKey": "PUBLIC_KEY",
            "thumbprint": "THUMBPRINT",
            "validTo": "May  4 19:24:51 2034 GMT",
            "loginType": "idp",
            "provider": "okta.com"
        }
    }
}

Get SAML Connections

Return any SSO connections associated with a tenant and product.

curl --location 'https://api.getomni.ai/get-saml-connections?tenant=getomni.ai&product=omni' \
--header 'x-api-key: 55e4d288-3c96-49d7-ac14-5fa7faa69ff6'

Example Response

{
    "connections": [
        {
            "defaultRedirectUrl": "https://app.getomni.ai/api/auth/callback/saml",
            "redirectUrl": [
                "https://app.getomni.ai/api/auth/callback/saml"
            ],
            "tenant": "getomni.ai",
            "product": "omni",
            "clientID": "CLIENT_ID",
            "clientSecret": "CLIENT_SECRET",
            "forceAuthn": false,
            "sortOrder": null,
            "idpMetadata": {
                "sso": {
                    "postUrl": "https://dev-1234.okta.com/app/dev-1234/abcd/sso/saml",
                    "redirectUrl": "https://dev-1234.okta.com/app/dev-1234/abcd/sso/saml"
                },
                "slo": {},
                "entityID": "http://www.okta.com/abcd",
                "publicKey": "PUBLIC_KEY",
                "thumbprint": "THUMBPRINT",
                "validTo": "May  5 06:04:19 2034 GMT",
                "loginType": "idp",
                "provider": "okta.com",
                "friendlyProviderName": "Okta"
            },
            "deactivated": false
        }
    ]
}
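
Auditing a returned connection (an added example, not OmniAI's own code): the Python below checks one entry of "connections" against values you recorded from your IdP when the connection was created, and flags a changed entityID or thumbprint, any non-HTTPS URL, and a validTo date that has passed or is close. The BASELINE dict, the 30-day window, and reading validTo as the IdP certificate expiry are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed sample shaped like one entry of "connections" in the response above.
SAMPLE_CONNECTION = {
    "defaultRedirectUrl": "https://app.getomni.ai/api/auth/callback/saml",
    "redirectUrl": ["https://app.getomni.ai/api/auth/callback/saml"],
    "tenant": "getomni.ai",
    "idpMetadata": {
        "sso": {"postUrl": "https://dev-1234.okta.com/app/dev-1234/abcd/sso/saml",
                "redirectUrl": "https://dev-1234.okta.com/app/dev-1234/abcd/sso/saml"},
        "entityID": "http://www.okta.com/abcd",
        "thumbprint": "THUMBPRINT",
        "validTo": "May  5 06:04:19 2034 GMT",
    },
    "deactivated": False,
}
# Hypothetical baseline: values recorded from your IdP when the connection was created.
BASELINE = {"tenant": "getomni.ai", "entityID": "http://www.okta.com/abcd", "thumbprint": "THUMBPRINT"}


def parse_valid_to(value):
    """Parse the OpenSSL-style validTo string, e.g. 'May  5 06:04:19 2034 GMT'."""
    normalized = " ".join(value.split())  # collapse the space-padded day of month
    return datetime.strptime(normalized, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)


def audit_connection(conn, baseline, now, warn_days=30):
    """Return a list of findings; an empty list means nothing deviates from the baseline."""
    findings = []
    idp = conn.get("idpMetadata", {})
    if conn.get("tenant") != baseline["tenant"]:
        findings.append("tenant differs from baseline")
    for field in ("entityID", "thumbprint"):
        if idp.get(field) != baseline[field]:
            findings.append(f"IdP {field} differs from baseline")
    urls = [conn.get("defaultRedirectUrl"), *conn.get("redirectUrl", []), *idp.get("sso", {}).values()]
    for url in urls:
        if urlparse(url or "").scheme != "https":
            findings.append(f"non-HTTPS URL: {url!r}")
    # validTo is assumed here to be the expiry of the IdP signing certificate.
    valid_to = parse_valid_to(idp["validTo"])
    if valid_to <= now:
        findings.append("validTo date has passed")
    elif valid_to - now <= timedelta(days=warn_days):
        findings.append(f"validTo is within {warn_days} days")
    return findings


if __name__ == "__main__":
    print(audit_connection(SAMPLE_CONNECTION, BASELINE, datetime.now(timezone.utc)) or "no findings")
```
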

Delete SAML Connection

Delete an SSO connection associated with a tenant and product.

curl --location --request DELETE 'https://api.getomni.ai/delete-saml-connection?tenant=getomni.ai&product=omni'

Example Response

{ "success": true }
