0
votes

I need to integrate SAML 2.0 with our app using Google Identity Provider

Hi

Our app is currently using Google Cloud Platform and Firebase in its architecture, and I've been assigned to integrate SAML 2.0 using Okta into the app. I am really confused with the different terms I've seen on both platforms. I've been following the guides on Okta and Google Cloud Platform but am still unable to successfully crack this problem.

My questions are from both the Okta and Google Cloud Platform sides, which I'll ask here one by one.

Okta, when creating a new Application:

  1. Audience URI (SP Entity ID): what is this?
  2. Default RelayState: what is this?
  3. Identity Provider Single Sign-On URL:
  4. Identity Provider Issuer:

Now Google Identity Provider is asking for some fields; all I need to know is which fields of Okta are relevant to Google Identity Provider:

  1. idpEntityId
  2. providerId
  3. rpEntityId
  4. ssoUrl

I know this is a very basic question. But any help would be really appreciated.

Thanks

2 Answers

2
votes

Implementation of the Okta app, with descriptions:

  1. Single sign on URL: The location where the SAML assertion is sent with an HTTP POST. This is often referred to as the SAML Assertion Consumer Service (ACS) URL for your application. ex: https://your.domain.name/Controller/Action

  2. Audience URI (SP Entity ID): The application-defined unique identifier that is the intended audience of the SAML assertion. This is most often the SP Entity ID of your application. ex: https://your.domain.name

  3. Default RelayState: Identifies a specific application resource in an IdP-initiated Single Sign-On scenario. In most instances this is blank. ex: keep this blank.

  4. Using the Attribute Statements, you can pass the user's email, first name and last name fields to the service provider.

  5. After completing setup, on the "Sign On" tab click on "View Setup Instructions", where you can get the "Identity Provider Issuer" detail, like http://www.okta.com/XXXXXXXXXXX where "XXXXXXXXXXX" is unique (your app identification).

0
votes

For the Google Identity Provider fields:

  1. idpEntityId: The SAML IdP entity identifier.

  2. providerId: The unique provider identifier. For a SAML provider, this must be prefixed by "saml.".

  3. rpEntityId: The SAML relying party (service provider) entity ID. This is commonly the URL of the app. On the SAML identity provider, this is referred to as the audience. So this would be Audience URI or SP Entity ID from Okta.

  4. ssoUrl: The SAML IdP SSO URL (Identity Provider Single Sign-On URL). This has to be a valid URL.

I found these links that may help you integrate SAML 2.0 with your applications. You can find how to Manage SAML and OIDC providers here [1], and how to use Okta to authenticate users here [2], and how to sign in users with SAML here [3].

[1] https://cloud.google.com/identity-platform/docs/managing-providers-programmatically#node.js

[2] https://cloud.google.com/endpoints/docs/openapi/authenticating-users-okta

[3] https://cloud.google.com/identity-platform/docs/web/saml#redirect
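As an added example (not from either answer, and not the Admin SDK's own code), here is the field mapping from both answers written as a small Node.js function: it takes the values Okta's "View Setup Instructions" page shows and builds the object shape that Identity Platform's SAML provider config uses, checking the constraints the answers mention (the "saml." prefix, a valid SSO URL, and the Okta Audience URI matching rpEntityId). All sample values are constructed placeholders; the x509Certificates and callbackURL fields are assumptions taken from the Admin SDK's SAML config shape and are not discussed on this page.

```javascript
// Added example: map Okta SAML app settings onto the Identity Platform
// SAML provider fields named in the question. Nothing here calls the
// Admin SDK, so it runs offline; the returned object is what you would
// pass to createProviderConfig() (assumption about the SDK's shape).
function buildSamlProviderConfig(okta, app) {
  const providerId = `saml.${app.providerName}`;
  // providerId must be prefixed with "saml." for a SAML provider.
  if (!/^saml\.[A-Za-z0-9_-]+$/.test(providerId)) {
    throw new Error(`providerId must look like saml.<name>, got ${providerId}`);
  }
  // ssoUrl has to be a valid URL; require https so the SAML exchange is not in clear text.
  let sso;
  try {
    sso = new URL(okta.identityProviderSsoUrl);
  } catch (e) {
    throw new Error('ssoUrl is not a valid URL');
  }
  if (sso.protocol !== 'https:') throw new Error('ssoUrl must use https');
  // rpEntityId on the Google side is the Audience URI (SP Entity ID) on the Okta side;
  // a mismatch makes every assertion fail audience validation.
  if (okta.audienceUri !== app.spEntityId) {
    throw new Error('Okta Audience URI must equal the rpEntityId registered with Identity Platform');
  }
  return {
    providerId,
    displayName: app.displayName,
    enabled: true,
    idpEntityId: okta.identityProviderIssuer,       // "Identity Provider Issuer"
    ssoUrl: sso.toString(),                          // "Identity Provider Single Sign-On URL"
    rpEntityId: app.spEntityId,                      // "Audience URI (SP Entity ID)"
    x509Certificates: [okta.signingCertificatePem],  // IdP signing cert (assumed field)
    callbackURL: app.acsUrl,                         // Okta "Single sign on URL" (ACS), assumed field
  };
}

// Constructed sample values standing in for what Okta's setup instructions display.
const oktaSettings = {
  identityProviderIssuer: 'http://www.okta.com/EXAMPLE_ISSUER_ID',
  identityProviderSsoUrl: 'https://example.okta.com/app/example/EXAMPLE_APP_ID/sso/saml',
  audienceUri: 'https://your.domain.name',
  signingCertificatePem: '-----BEGIN CERTIFICATE-----\nEXAMPLE\n-----END CERTIFICATE-----',
};
const appSettings = {
  providerName: 'okta',
  displayName: 'Okta SAML',
  spEntityId: 'https://your.domain.name',
  acsUrl: 'https://your.domain.name/__/auth/handler', // constructed placeholder
};

const providerConfig = buildSamlProviderConfig(oktaSettings, appSettings);
```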