This covers setting up an SSO connection with Okta, but the steps are applicable to other SSO providers. The general process will be:
Creating a SAML 2.0 application in your provider
Configuring the application with your OmniAI callback URL
Establishing an SSO connection using the Metadata URL
Step 1: Create a new app integration
You must select the SAML 2.0 application type.
Step 2: Configure your application
Set the Single sign-on URL, Audience URI, and Name ID format. If you are hosting Omni on a domain, the SSO URL will be api.domain.com/api/callback/saml, the Audience URI will be domain.com, and the Name ID format must be EmailAddress.
Under Attributes, you must map firstName, lastName, and email. If presented with a checkbox on the final page, select "I'm an Okta Customer adding an internal app".
Step 3: Retrieve Metadata URL
Once you've created your app, you will see a Metadata URL. This is what OmniAI uses to establish an SSO connection. Copy that URL for the final step.
Step 4: Create SAML connection on OmniAI
Retrieve the Metadata URL from Okta, and pass it as an argument to the /create-saml-connection API endpoint. The tenant will be the top-level domain that users are expected to sign in with. For example, if I authenticate with tyler@getomni.ai, the tenant must be getomni.ai.
A successful request returns a 200 response with additional metadata about your SAML connection. You can then sign in using your Okta console, or via the OmniAI login page.
API Endpoints
The following API endpoints are available for creating and managing SAML connections.
POST /create-saml-connection
GET /get-saml-connections
DELETE /delete-saml-connection
Create new SAML Connection
Create a new SAML connection using your Metadata URL.