Skip to content
  • There are no suggestions because the search field is empty.

Okta (SAML, Enterprise)

How to configure SAML for Okta in TestMonitor.

Single Sign-on (SSO) allows users to log in to TestMonitor using as a trusted enterprise identity provider. It uses SAML (Security Assertion Markup Language), a widely used standard that lets Okta securely verify user identities and pass that information to TestMonitor. This enables employees to authenticate using their existing Okta credentials.

Using Okta SAML SSO provides centralized identity security, streamlined onboarding, and full enterprise-level access control.

This feature is available to customers with an Enterprise plan.

Supported Features

  • Service Provider (SP)-Initiated SSO: Users start at TestMonitor and are redirected to Okta for authentication.
  • Identity Provider (IdP)-Initiated SSO: Users can launch TestMonitor directly from the Okta user dashboard.
  • Full access control from Okta: use groups, conditional access, MFA, and user profile policies to manage who can access TestMonitor.
  • Custom sign-on button: A dedicated Sign in with SAML badge appears on the TestMonitor login screen.
  • Automatic account creation (auto-provisioning): Users are created automatically when signing in for the first time.
  • SCIM provisioning: Synchronize users and deprovision accounts automatically if SCIM is enabled in your environment.

Before You Begin

To configure Okta SAML SSO, ensure that you:

  • Have access to an Okta tenant.
  • Have administrator permissions for that tenant.
  • Have a TestMonitor administrator account.

After completing these requirements, follow the steps below.

Set Up TestMonitor as Application in Okta

You must add TestMonitor as an Application inOkta before completing SSO setup:

  1. Sign in to the your Okta admin dashboard.
  2. Navigate to Applications.
  3. Click Create App Integrations.
  4. Select SAML 2.0 and click Next.
  5. Name the app (e.g., TestMonitor) and optionally upload a logo that you want to be displayed when users login.
  6. Click Next.
  7. Now open the TestMonitor application.
  8. In the left menu, select Single sign-on and choose SAML.
  9. Keep the SAML configuration page open—you’ll need these details in the next step.

Let’s get started with configuring SSO in TestMonitor.

Configure Single Sign-on in TestMonitor

Once the TestMonitor app has been created in Okta, you can proceed with configuring TestMonitor:

  1. Click on the gear icon on the top to head over to the general settings.
  2. Under Security in the left menu, select Single Sign-on.
  3. Toggle the switch to Use Single Sign-on.
  4. Select SAML as your SSO provider.
  5. You’ll need to copy several URLs from TestMonitor and enter them into the appropriate fields on the Okta SAML configuration page:
    1. Copy the ACS URL from TestMonitor and enter it into the Single sign-on URL field.
    2. Make sure that the Use this for Recipient URL and Destination URL checkbox is checked.
    3. Copy the Metadata URL (Entity ID) from TestMonitor and enter it into the Audience URI (SP Entity ID) field.
    4. Leave the Default RelayState field empty.
    5. Keep the default value Unspecified for the Name ID format field.
    6. Keep the default value Okta Username for the Application username field.
    7. Keep the default value Create and update for the Update application username on field.
    8. Click on Next and then Finish.
  6. Next, you’ll need to copy several URLs from Okta and enter them into the appropriate fields on the TestMonitor SSO page:
    1. On the Okta SAML application page click on the Sign On section, locate the SAML 2.0 settings and click on More details. Here you will find the Sign On, Sign Out and Issuer URL’s.
    2. Copy the Sign on URL from Okta and enter it in the SSO URL field in TestMonitor.
    3. Copy the Issuer URL from Okta and enter it into the Issuer URL field.
    4. Copy the Sign out URL from Okta and enter it into the SLO URL field.
  7. You'll need to supply the certificate used to digitally sign and encrypt authentication data:
    1. In Okta, click on Copy next to Signing Certificate.
    2. Paste the contents into the X.509 Certificate field within TestMonitor.
  8. Enter your company name in the Company Name field, which appears on the TestMonitor login screen.
  9. Optionally, enable Disable Default Login to prevent non-administrator users from signing in with their TestMonitor email and password, ensuring they can only access TestMonitor via SSO.
  10. Click on Save in TestMonitor to activate your SAML configuration.

You can now test your SAML configuration if needed:

  1. Ensure that the user account you want to login with is assigned to the Okta SAML application by going to the Assignments section, then click Assign and Assign to People.
  2. Select the Okta email address is also registered as a user in TestMonitor and click Assign and then Save and go back.
  3. Visit the login page of you TestMonitor environment (e.g., mydomain.testmonitor.com/).
  4. Click on the Sign in with My Company button (using the company name you specified).
  5. If your SAML configuration is correct, you’ll be seamlessly signed in with your Okta account.

After enabling Single Sign-on, you have the option to activate SCIM provisioning, which automatically synchronizes user accounts assigned to the Okta SAML application with your TestMonitor environment.

Using Single Sign-on via Okta

To authenticate using Okta (SAML):

  1. Open your TestMonitor login page (e.g., mydomain.testmonitor.com).
  2. Click the Sign in with My Company button (using the company name you specified).
  3. You’ll be redirected to the Okta sign-in page, enter your work account credentials.
  4. After successful authentication, Okta redirects you back to TestMonitor.
  5. You are now signed in.

Users can also access TestMonitor directly from the Okta User Dashboard when enabled in Okta.

Configure SCIM Provisioning with Okta

TestMonitor supports SCIM (System for Cross-domain Identity Management) for automated user provisioning and deprovisioning. When SCIM is enabled, Okta can automatically create, update, and remove users in TestMonitor based on your user assignments.

To activate SCIM, first make sure you've completed the SAML setup. Once you've done that, follow these steps:

  1. On the TestMonitor Single Sign-on page, switch on the SCIM option.
  2. Leave this SCIM configuration page open—you’ll need these details shortly.
  3. In Okta, select the TestMonitor application you set up during the SAML configuration process.
  4. Navigate to the General section.
  5. Click Edit.
  6. Under Provisioning, select SCIM.
  7. Click Save.
  8. Navigate to the Provisioning section.
  9. Click Edit.
  10. Copy the SCIM Base URL from TestMonitor and use it as the SCIM connector base URL.
  11. In the Unique identifier field for users field type the text: email.
  12. For the Supporting provisions actions make sure the following checkboxes are checked:
    • Import New Users and Profile Updates
    • Push New Users
    • Push Profile Updates
  13. Select HTTP header as the Authentication Mode.
  14. Copy the SCIM Bearer Token from TestMonitor and use it as the Authorization under the HTTP settings.
  15. Click on Test Connector Configuration, when the test is successful close the dialog.
  16. Click on Save.
  17. You'll be taken to the Provisioning overview.
  18. Make sure the To App section is active and click on Edit.
  19. Enable these options:
    • Create Users
    • Update User Attributes
    • Deactivate Users
  20. Click on Save to activate provisioning.

Once provisioning is enabled, you can manage TestMonitor user access directly from Okta. Navigate to the Assignments section for your Okta TestMonitor application and assign the relevant users as needed.

Configure Auto Provisioning

When auto provisioning is enabled, users who don't already have a TestMonitor account can sign in and have their account created automatically. If auto provisioning is disabled, only existing TestMonitor users are able to log in.

To activate auto provisioning, follow these steps:

  1. On the TestMonitor Single Sign-on page, switch on the Auto provisioning option.
  2. Specify your allowed email domains. Only users with email addresses matching these domains will be automatically provisioned.
  3. Optionally, you can specify a default project and role for newly provisioned users.

Ensure your subscription includes enough user seats to accommodate all provisioned accounts. You can disable auto-provisioning at any time if needed.

Disable Single Sign-on

To disable SSO:

  1. Click on the gear icon on the top right for Settings.
  2. Under Access & Security in the left menu, select Single Sign-on.
  3. Toggle the switch off for Use Single Sign-on.

Be sure to turn off the Okta TestMonitor App and, if enabled, your SCIM configuration to prevent Okta from continuing to synchronize users with TestMonitor.

Troubleshooting

If you encounter errors involving the SAML and Okta integration, here are some steps you can take to troubleshoot the issue:

Check the SAML / provisioning logs in Okta

Click on View Logs in your Okta TestMonitor application, review the sign-in and provisioning logs for any errors. These logs can provide insight into potential issues and help identify what may be causing problems.

Incorrect endpoint URL's

Verify the IdP Sign-in URL, Entity ID, and X.509 certificate in TestMonitor match exactly what’s provided in Okta, and ensure the user exists in both systems with matching emails.

Invalid or Expired Certificate

Check the X.509 certificate in Okta for expiration. If expired, generate a new certificate in Okta and update the corresponding certificate in TestMonitor.

Provisioning Not Triggering

Make sure the intended users or groups are assigned to the TestMonitor application in Okta, and check the provisioning scope includes those assignments.

Contact Support

If these solutions do not resolve your issue, feel free to reach out to our support team for additional assistance.