We’ve raised $7.6M in funding! 🎉
Join the webinar!

How to Configure SAML 2.0 for Inflection.io

This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.

This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.
Read this before you enable SAML
Enabling SAML will affect all users who use this application, which means that users will not be able to sign in through their regular sign-in page. They will be able to access the app through the Okta service.
Backup URL
Inflection.io doesn't provide a backup sign-in URL where users can sign in using their regular username and password. You can contact Inflection.io Support (team@inflection.io) to turn off SAML, if necessary.

Supported Features

The Okta/Inflection.io SAML integration currently supports the following features:

  • SP-initiated SSO
  • IdP-initiated SSO
  • JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

1. Sign in to Inflection.io.

2. Go to Settings and enter the following:

The values for the following settings can be found on the Sign On tab of the Inflection Okta Application under "Metadata Details"

- Single Sign-On URL
- IDP Issuer
- Certificate

  • Make a copy of your Organisation Slug value.
  • Single Sign-On URL: Copy and paste the following:

    Sign On tab of the Inflection Okta Application under "Metadata Details" >> Sign on URL
  • IDP Issuer: Copy and paste the following:

    Sign On tab of the Inflection Okta Application under "Metadata Details" >> Issuer
  • Certificate: Download the certificate and save, then open in a text editor to get the value.

    Sign On tab of the Inflection Okta Application under "Metadata Details" >> Signing Certificate
  • Click Save Changes.

3. In Okta, select the Sign On tab for the Inflection.io SAML app, then click Edit.

  • Encryption Certificate: Save the following encryption certificate as encryption.crt then upload it to Okta.

    -----BEGIN CERTIFICATE-----
    MIIDADCCAmmgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBnDELMAkGA1UEBhMCdXMx
    EDAOBgNVBAgMB1NlYXR0bGUxFjAUBgNVBAoMDUluZmxlY3Rpb24uaW8xFjAUBgNV
    BAMMDWluZmxlY3Rpb24uaW8xEDAOBgNVBAcMB1NlYXR0bGUxFjAUBgNVBAsMDUlu
    ZmxlY3Rpb24uaW8xITAfBgkqhkiG9w0BCQEWEnRlYW1AaW5mbGVjdGlvbi5pbzAe
    Fw0yMTA5MTMxMzU0MDJaFw0yNDA2MDkxMzU0MDJaMIGcMQswCQYDVQQGEwJ1czEQ
    MA4GA1UECAwHU2VhdHRsZTEWMBQGA1UECgwNSW5mbGVjdGlvbi5pbzEWMBQGA1UE
    AwwNaW5mbGVjdGlvbi5pbzEQMA4GA1UEBwwHU2VhdHRsZTEWMBQGA1UECwwNSW5m
    bGVjdGlvbi5pbzEhMB8GCSqGSIb3DQEJARYSdGVhbUBpbmZsZWN0aW9uLmlvMIGf
    MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO9CWG+eZPHiNa7aeXe3ODq0ycFpHw
    pubHMVKvjTJaUua6tj+Ldb5aT5+PA7dlk4yP2OxeJZPvW33aDdmAALexLpHZj0Y6
    7owWIhHokejHAl/LL7JAItkOOrIJBaSTPdTlRhk7hvddKXGi9+xUDmmfxgGINDvM
    xVyLrpIliy7/kwIDAQABo1AwTjAdBgNVHQ4EFgQUg4C+MHYZk0ARLibvY1ZaZw6H
    +ZIwHwYDVR0jBBgwFoAUg4C+MHYZk0ARLibvY1ZaZw6H+ZIwDAYDVR0TBAUwAwEB
    /zANBgkqhkiG9w0BAQ0FAAOBgQCprBxkRMjPdUHFyXTtW5nmzO8bHSUDREJjHQ8w
    sJvuTqsiO5RqmG6N+ok1jLfXG9yvDz8zsI/busDySkoFiC037MOKBIvZe+21ImjN
    wttoLTJWDhdkWe0ru5UmDCLAKgo2qqf5Nhk0dVz7859uezXFwDi/MHZwb6QlhKL9
    8J1ezw==
    -----END CERTIFICATE-----

  • Scroll down to Advanced Sign-on Settings.
  • Enter your Organisation Slug (step 2) into the corresponding field.
  • Click Save.
  • Application username format: Select Email.

4. Done!

Notes

The following SAML attributes are supported:
Name Value
email user.email
name user.displayName

SP-initiated SSO

  1. Go to: https://app.inflection.io/login/start
  2. Enter your email, then click Continue.
  3. Click Continue with Okta.