Enigma Single Sign-On (SSO) is compatible with any SAML 2.0 identity provider, such as Okta or Active Directory Federation Services.
For illustrative purposes, the following steps detail how to configure Okta as a SAML provider for the Enigma Console.
Configure Okta Part 1
- Click on "Browse App Catalog"
- Select "SAML Service Provider"
- Click "Add Integration"
- Complete setup wizard for the SAML app
- Navigate to the SAML app and make note of the "Metadata URL". This will be used later when onboarding to the Enigma Console
- Keep this tab open; you will be returning to it later.
Configure Enigma Console
- Log in to the Console using standard sign-in (username + password)
- Click on "Configure Identity Provider"
- Fill out all the fields in the form and click "Save Configuration"
- Copy the values provided in the "Enigma Sign-On Settings" panel. These values will be used in the final step detailed in Configure Okta Part 2
Configure Okta Part 2
- Return to your Okta SAML configuration tab.
- Click "Edit" in the "Settings" panel and add attribute mappings for email, givenname, familyname, and name
- Add the "Enigma Sign-On Settings" values to the SAML app
- Any users assigned to the SAML app will now be able to log in through SSO from https://console.enigma.com/login?sso=true
Enigma does not support IdP-initiated login. Users cannot log in by clicking the Enigma tile/app directly from their identity provider (e.g., Okta dashboard).
SSO users must always initiate their federated login by visiting https://console.enigma.com/login?sso=true and entering their email address.
Note: There is a slight propagation delay of a few minutes for the Enigma Console to recognize the onboarded identity provider. If logging in with SSO does not work immediately after following the above steps, wait a few minutes and try again.