
Introduction

Jitterbit supports single sign-on (SSO) for Okta using SAML 2.0 as of version 8.29. This page shows how to set up Jitterbit as a SAML application in Okta and obtain the Identity Provider and Service Provider metadata needed for Setting Up SSO in Jitterbit. After SSO is configured in both Okta and Jitterbit, members of your Jitterbit org will be able to use their Okta credentials to log in to Jitterbit.

TIP: For additional reference, see Okta's documentation on Setting Up a SAML Application in Okta.

Set Up Jitterbit as a SAML Application in Okta

Before you can set up SSO in Jitterbit, you will need to set up Jitterbit as a SAML application within Okta.

  1. Log in to your Okta organization as a user with administrative privileges.

    CAUTION: In order to set up SSO in Jitterbit, your Okta username must match your Harmony email address. This applies to the members of your org as well, unless they are configured to bypass SSO. See additional requirements in Setting Up SSO in Jitterbit.

  2. In Okta's Classic UI, click the Admin button, then click the Add Applications shortcut, then click the Create New App button.
  3. In the Create a New Application Integration window, select the SAML 2.0 option and click Create.
  4. On the Create SAML Integration page, several steps walk you through configuring the new app. In the first step, General Settings, enter an App name for Jitterbit, such as "Jitterbit SAML Application," and click Next.

  5. In the next step, Configure SAML, provide the following information under part A, SAML Settings. Do not change any other default settings. When finished, you can skip part B and click Next to continue.

    1. Single sign on URL: This is the URL where the callback will be received, and is also referred to as the ACS URL in the Management Console. Enter the ACS URL for the Management Console for your specific region (see Finding My Region):

      • NA: https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml

      • EMEA: https://emea-west.jitterbit.com/jitterbit-cloud-mgmt-console/saml

      • APAC: https://apac-southeast.jitterbit.com/jitterbit-cloud-mgmt-console/saml

    2. Requestable SSO URLs: To show this field, select the checkbox for Allow this app to request other SSO URLs above. Then enter the ACS URL used for callback for Design Studio for your specific region (see Finding My Region):

      • NA: https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback

      • EMEA: https://emea-west.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback

      • APAC: https://apac-southeast.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback

        NOTE: The Management Console and Design Studio ACS URLs are interchangeable in the fields entered above. For example, you could instead provide the Design Studio URL as the Single sign on URL and the Management Console URL as the Requestable SSO URL, so long as each is provided in one of these locations.

    3. Audience URI (SP Entity ID): This URI must be unique to the Jitterbit application, and is also referred to as the Entity Id in the Management Console. Any unique URI can be used in this field. For simplicity, enter the same URL entered in the Single sign on URL above. You will need to provide this unique URI later when you Construct Service Provider Metadata.

  6. Complete the last step, Feedback, and click Finish to finish creating your app.

Obtain Identity Provider Metadata

Now that Jitterbit has been set up as a SAML application in Okta, you can obtain the Identity Provider metadata needed for Setting Up SSO in Jitterbit.

  1. Go to the Sign On tab of your newly created Jitterbit application. If continuing from Set Up Jitterbit as a SAML Application in Okta, you will already be here.
  2. Use the link "Identity Provider metadata" to download the metadata file needed by Jitterbit.

  3. The contents of the metadata file will be similar to the following sample. You will need to use your own Identity Provider metadata as input in Setting Up SSO in Jitterbit.

    Sample Identity Provider Metadata
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exknvfdjbL8smSRvK2p6"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDqjCCApKgAwIBAgIGAWFj+QgOMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJVUzETMBEG
    A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
    MBIGA1UECwwLU1NPUHJvdmlkZXIxFjAUBgNVBAMMDWppdHRlcmJpdGJsdWUxHDAaBgkqhkiG9w0B
    CQEWDWluZm9Ab2t0YS5jb20wHhcNMTgwMjA1MDMxNzQwWhcNMjgwMjA1MDMxODQwWjCBlTELMAkG
    A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTAL
    BgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRYwFAYDVQQDDA1qaXR0ZXJiaXRibHVl
    MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
    CgKCAQEAwRuDKQWs/uWFEulxYk1/V436/zhy/XxAL3swKUdfFlevC4XZcQtTdpspgwdt0TIgTpz1
    dZGx5ystxz1slZ5e9jk20iHAsRuzKKeL657DDFHlG8Qg7HCg8B55TKKhTUsYQLikqeWx8R7F+rHh
    dG6eEJut4/CHOMlb/G4Ynrq8tpwlqVtaqLZrL2GPfEKUJVOvqxHeqVqmB7Pduh3E9/7rgEN6yXiL
    6hISTRLIb13TGGyqpLPMRsgJnkMifQMI12OK0PQnFqRc2ES0JUnWhpv/WN4VYuvN3SgaIgE5VY86
    C0J8IB6ljXx6uJj6EeC60KTmDUPtC1Au345jzBwY9yKLoQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
    AQAD7Ba6pwUUmxCtiqKE4E4JwMMCUrlHghL80Vru3SHWU3GdMEM9kVizVUcM57QzyIlwx8KdCXbB
    yfxo8Eh88mAYDRifLmeospLQvC5OhfF/5XKmsTa5JnF+bSB41iCZUsB88byLI1nARFZGznboQXK9
    pT3egaEHsWffiIYR+Y2lcAW66OH6FEZ0lTy628q1LsuS/UruA3so+qFgPqTc0yiZEv65MZQWd1cg
    qRlLK1bcoR4d5Qfo0nWFDBXWqX4LX4c5xe7zh4wtbiG1i9Oh8qWJp8KUmgfSkQf79mUhib9YvzBE
    RdXU7eUS0/E3G21yLa9wQtHkEY3cIDs58AEIpuR0</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://jitterbitblue.okta.com/app/jitterbitorg316974_jitterbitsamlapplication_1/exknvfdjbL8smSRvK2p6/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://jitterbitblue.okta.com/app/jitterbitorg316974_jitterbitsamlapplication_1/exknvfdjbL8smSRvK2p6/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>

    NOTE: If you receive an error of "No valid signing cert found" when testing SSO using SAML, you may be able to resolve it by checking that you have a KeyDescriptor tag and sub-tag with use="signing" specified in your identity provider metadata, similar to the above example.
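The check described in the note above can be run on a downloaded metadata file before it is pasted into Jitterbit. The following is an added example, not Jitterbit or Okta code; the function name, the stub certificate and the sample document are constructed for illustration, and the DER test is only a sanity check on the first byte, not certificate validation.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_cert_problems(metadata_xml):
    """Return reasons the IdP metadata lacks a usable signing certificate."""
    # Metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        return ["metadata contains a DTD; refusing to parse"]
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor element"]
    signing = [k for k in idp.findall("md:KeyDescriptor", NS)
               if k.get("use") == "signing"]
    if not signing:
        return ['no KeyDescriptor has use="signing"']
    problems = []
    for i, key in enumerate(signing, 1):
        cert = key.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            problems.append(f"signing KeyDescriptor {i}: no X509Certificate")
            continue
        try:
            # Okta wraps the base64 across lines, so drop whitespace first.
            der = base64.b64decode("".join(cert.text.split()), validate=True)
        except binascii.Error:
            problems.append(f"signing KeyDescriptor {i}: certificate is not valid base64")
            continue
        if der[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
            problems.append(f"signing KeyDescriptor {i}: certificate is not DER data")
    return problems

# Constructed sample: a five-byte DER stub stands in for a real certificate.
STUB_CERT = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
SAMPLE = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="http://idp.example/placeholder"><md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:KeyDescriptor use="signing"><ds:KeyInfo '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>'
    f'<ds:X509Certificate>{STUB_CERT}</ds:X509Certificate></ds:X509Data>'
    '</ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>'
)

if __name__ == "__main__":
    print(signing_cert_problems(SAMPLE))
    print(signing_cert_problems(SAMPLE.replace(' use="signing"', "")))
```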

Assign Users

Before members of your organization can begin using SSO in Jitterbit, they will also need to be assigned to the Jitterbit application within Okta.

NOTE: These users will also need to be members of the Jitterbit organization with SSO enabled, as described under Manage SSO Org Members in Setting Up SSO in Jitterbit.

  1. Go to the Assignments tab of your newly created Jitterbit application.
  2. Click on the Assign button and choose Assign to People. Then assign each member of your organization that will log in to Jitterbit using Okta credentials.

  3. When finished, click Done.

Construct Service Provider Metadata

This portion of the procedure is not configured from within the Okta UI but is provided for reference in Jitterbit. You will need to provide the Service Provider metadata as input while Setting Up SSO in Jitterbit.

WMC

This section shows how to construct the XML metadata for the Harmony Portal, to be entered for the WMC client.

NOTE: Although the user interface refers to WMC, the former name for the Management Console, when you select WMC as the Harmony client, this configuration applies to all of the web-based products accessible via the Harmony Portal, including Cloud Studio, API Manager, Citizen Integrator, and Management Console.

Use the sample payload below, replacing the entityID with the unique value used in the Audience URI (SP Entity ID) from step 5c above, if applicable, and the Location with the Management Console URL for your specific region (see Finding My Region):

  • NA: https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml
  • EMEA: https://emea-west.jitterbit.com/jitterbit-cloud-mgmt-console/saml
  • APAC: https://apac-southeast.jitterbit.com/jitterbit-cloud-mgmt-console/saml

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>

Studio

This section shows how to construct the XML metadata for Design Studio, to be entered for the Studio client.

Use the sample payload below, replacing the entityID with the unique value used in the Audience URI (SP Entity ID) from step 5c above, if applicable, and the Location with the Design Studio URL for your specific region (see Finding My Region):

  • NA: https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback
  • EMEA: https://emea-west.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback
  • APAC: https://apac-southeast.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/saml">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://na-east.jitterbit.com/jitterbit-cloud-mgmt-console/login/studio/callback"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
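Because the Service Provider metadata is edited by hand, its entityID and Location can drift from the Audience URI and ACS URL entered in Okta. The following added example (not Jitterbit code) compares a payload against the regional URLs listed on this page; the function names are hypothetical, and treating the emailAddress NameIDFormat as required is an assumption taken from the sample payloads.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HOSTS = {"NA": "na-east", "EMEA": "emea-west", "APAC": "apac-southeast"}
PATHS = {"WMC": "/jitterbit-cloud-mgmt-console/saml",
         "Studio": "/jitterbit-cloud-mgmt-console/login/studio/callback"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def acs_url(region, client):
    """ACS URL for a region and Harmony client, as listed on this page."""
    return f"https://{HOSTS[region]}.jitterbit.com{PATHS[client]}"

def lint_sp_metadata(xml_text, region, client, audience_uri):
    """Compare SP metadata with the values entered in Okta; return mismatches."""
    root = ET.fromstring(xml_text)
    problems = []
    # entityID must equal Okta's Audience URI exactly (a trailing slash counts).
    if root.get("entityID") != audience_uri:
        problems.append(f"entityID {root.get('entityID')!r} != Audience URI {audience_uri!r}")
    sp = root.find(f"{MD}SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    expected = acs_url(region, client)
    acs = sp.findall(f"{MD}AssertionConsumerService")
    if not any(a.get("Location") == expected and a.get("Binding") == POST for a in acs):
        problems.append(f"no HTTP-POST AssertionConsumerService at {expected}")
    formats = [f.text.strip() for f in sp.findall(f"{MD}NameIDFormat") if f.text]
    if EMAIL not in formats:
        problems.append("NameIDFormat emailAddress missing")
    return problems

# Sample input: the WMC payload from this page, filled in for the NA region.
SAMPLE_WMC_NA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="{acs_url('NA', 'WMC')}">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>{EMAIL}</md:NameIDFormat>
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="{POST}" Location="{acs_url('NA', 'WMC')}"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    audience = acs_url("NA", "WMC")
    print(lint_sp_metadata(SAMPLE_WMC_NA, "NA", "WMC", audience))     # matches
    print(lint_sp_metadata(SAMPLE_WMC_NA, "NA", "Studio", audience))  # wrong client
```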

Last updated:  Apr 22, 2019