diff --git a/assets/images/okta_integration/app_general_settings.png b/assets/images/okta_integration/app_general_settings.png new file mode 100644 index 00000000..ef614c00 Binary files /dev/null and b/assets/images/okta_integration/app_general_settings.png differ diff --git a/assets/images/okta_integration/appflowy_click_admin.png b/assets/images/okta_integration/appflowy_click_admin.png new file mode 100644 index 00000000..b6c22966 Binary files /dev/null and b/assets/images/okta_integration/appflowy_click_admin.png differ diff --git a/assets/images/okta_integration/appflowy_create_sso.png b/assets/images/okta_integration/appflowy_create_sso.png new file mode 100644 index 00000000..5a57731d Binary files /dev/null and b/assets/images/okta_integration/appflowy_create_sso.png differ diff --git a/assets/images/okta_integration/assign_appflowy.png b/assets/images/okta_integration/assign_appflowy.png new file mode 100644 index 00000000..04dbdfc0 Binary files /dev/null and b/assets/images/okta_integration/assign_appflowy.png differ diff --git a/assets/images/okta_integration/choose_saml_then_next.png b/assets/images/okta_integration/choose_saml_then_next.png new file mode 100644 index 00000000..ac30666c Binary files /dev/null and b/assets/images/okta_integration/choose_saml_then_next.png differ diff --git a/assets/images/okta_integration/click_on_admin.png b/assets/images/okta_integration/click_on_admin.png new file mode 100644 index 00000000..2ba0556d Binary files /dev/null and b/assets/images/okta_integration/click_on_admin.png differ diff --git a/assets/images/okta_integration/click_on_applications.png b/assets/images/okta_integration/click_on_applications.png new file mode 100644 index 00000000..93c05fa2 Binary files /dev/null and b/assets/images/okta_integration/click_on_applications.png differ 
diff --git a/assets/images/okta_integration/configure_saml.png b/assets/images/okta_integration/configure_saml.png new file mode 100644 index 00000000..c951092b Binary files /dev/null and b/assets/images/okta_integration/configure_saml.png differ diff --git a/assets/images/okta_integration/copy_metadata_url.png b/assets/images/okta_integration/copy_metadata_url.png new file mode 100644 index 00000000..cca2f938 Binary files /dev/null and b/assets/images/okta_integration/copy_metadata_url.png differ diff --git a/assets/images/okta_integration/create_app_integration.png b/assets/images/okta_integration/create_app_integration.png new file mode 100644 index 00000000..0d62a8f8 Binary files /dev/null and b/assets/images/okta_integration/create_app_integration.png differ diff --git a/assets/images/okta_integration/open_appflowy.png b/assets/images/okta_integration/open_appflowy.png new file mode 100644 index 00000000..8ea85d0e Binary files /dev/null and b/assets/images/okta_integration/open_appflowy.png differ diff --git a/assets/images/okta_integration/saml_integration_feedback.png b/assets/images/okta_integration/saml_integration_feedback.png new file mode 100644 index 00000000..67de79a0 Binary files /dev/null and b/assets/images/okta_integration/saml_integration_feedback.png differ diff --git a/doc/OKTA_SAML.md b/doc/OKTA_SAML.md index 07834be9..fa9adf6d 100644 --- a/doc/OKTA_SAML.md +++ b/doc/OKTA_SAML.md 
@@ -1,5 +1,73 @@ # Okta Authentication via SAML -- Guide for adding AppFlowy to [Okta](https://www.okta.com) +- AppFlowy supports Identity Provider(Idp) that uses SAML Assertion +- One example of such Idp is [Okta](https://www.okta.com) +- After the setup, you will be able to launch AppFlowy from Okta +- Feel free to reach us on Discord or create a GitHub issue if you have any problems related to the integration + +## Getting started - This guide assumes the following - You are an Admin of Okta Identity Provider - You have AppFlowy-Cloud deployed [Deployment](./DEPLOYMENT.md) + +## Steps (Okta) +![Click On Admin](../assets/images/okta_integration/click_on_admin.png) +- Click "Admin" on the top right corner of Okta dashboard/home page + +![Click On Applications](../assets/images/okta_integration/click_on_applications.png) +- Click the top left menu bar, then under "Applications", click "Applications" + +![Create App Integration](../assets/images/okta_integration/create_app_integration.png) +- Click "Create App Integration" + +![Choose SAML then next](../assets/images/okta_integration/choose_saml_then_next.png) +- Select SAML 2.0 then click "Next" + +![Okta create App](../assets/images/okta_integration/app_general_settings.png) +- In general settings, use "AppFlowy" as "App name" +- Optional: Select a logo +- Click "Next" + +![Configure SAML Integration](../assets/images/okta_integration/configure_saml.png) +In General +- Use `https:///gotrue/sso/saml/acs` for "Single sign-on URL" +- Use `https:///gotrue/sso/saml/metadata` for "Audience URI (SP Entity ID)" +In Attribute Statements (optional) +- Use `email` for "Name" +- Select "user.email" in the drop down for "Value" +- Click "Next" + +![SAML Integration Feedback](../assets/images/okta_integration/saml_integration_feedback.png) +- Use `https:///gotrue/sso/saml/acs` for "Single sign-on URL" +- Use `https:///gotrue/sso/saml/metadata` for "Audience URI (SP Entity ID)" +In Attribute Statements (optional) +- Select "I'm 
an Okta customer adding an internal app" +- Tick "This is an internal app that we have created" +- Click "Finish" + +## Steps (AppFlowy) +![AppFlowy Click Admin](../assets/images/okta_integration/appflowy_click_admin.png) +- Login as Admin in `https:///web/login` +- Click "Admin" on the top right corner + +![AppFlowy Click Admin](../assets/images/okta_integration/appflowy_click_admin.png) +- Login as Admin in `https:///web/login` +- Click "Admin" on the top right corner + +![Copy Metadata URL](../assets/images/okta_integration/copy_metadata_url.png) +- Go back to okta, navigate to "Applications" -> "AppFlowy" -> "Sign On", then copy the Metadata URL + +![AppFlowy Create SSO](../assets/images/okta_integration/appflowy_create_sso.png) +- In AppFlowy Admin page, Click on "Create SSO" on the left, paste the Metadata URL, then click "Create" + +![Check SSO](../assets/images/okta_integration/appflowy_create_sso.png) +- In AppFlowy Admin page, Click on "List SSO", you should see the SSO being created + +## App Visibility +In order for AppFlowy to be available for users, you may need to do the following +![Assign AppFlowy](../assets/images/okta_integration/assign_appflowy.png) +- In okta Admin -> "Applications" -> "AppFlowy", click on the settings icon +- Assign to various user or groups as needed by your organisation + +![Open AppFlowy](../assets/images/okta_integration/open_appflowy.png) +- In okta user page, you should see "AppFlowy" added +- Clicking on it should launch the App
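Review bot: Under the "SAML Integration Feedback" image in doc/OKTA_SAML.md, the first three added lines repeat the previous "Configure SAML Integration" step (the "Single sign-on URL" and "Audience URI (SP Entity ID)" bullets plus the "In Attribute Statements (optional)" label), so the feedback choices ("I'm an Okta customer adding an internal app", "This is an internal app that we have created") end up listed under an attribute-statements label. Drop those three lines so the step holds only the feedback bullets and "Click Finish". The same copy-paste shows in "Steps (AppFlowy)": the "AppFlowy Click Admin" image and its two bullets appear twice in a row, and the "Check SSO" image points at appflowy_create_sso.png, the same file used for the "Create SSO" step. Separately, the URLs as they appear here read `https:///gotrue/sso/saml/acs`, `https:///gotrue/sso/saml/metadata` and `https:///web/login` with nothing between the slashes. The ACS URL and Audience URI must match the deployment exactly for the assertion to be accepted, so write an explicit host placeholder and state which hostname it stands for. Smaller points: "Idp" should be "IdP", "okta" should be capitalised consistently, and the "In General" and "In Attribute Statements (optional)" labels sit directly against the image and list lines with no blank line, so they will run into the neighbouring content when rendered.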