Drupal SAML Single Sign On using Okta as Identity Provider

The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between Okta and the Drupal site. The users will be able to log in to the Drupal site using their Okta credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and Okta as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, and Drupal 10.

Drupal SAML SP Metadata:

• After installing the module on your Drupal site, in the Administration menu, navigate to Configuration → People → miniOrange SAML Login Configuration. (/admin/config/people/miniorange_saml/idp_setup)

• Under the Service Provider Metadata tab, copy the SP Entity ID/Issuer and SP ACS URL. Keep it handy. (This is required to configure Okta as an Identity Provider).

Configure SAML Single Sign-On Application in Okta:

• Login into your Okta admin console.
• Navigate to Applications from the left panel and click on the Applications.

• Under Applications, click on the Create App Integration button.

• Select SAML 2.0 and click on Next button.

• In the General Settings, enter the App Name and click on the Next button.

• Paste the copied information from the Service Provider tab of Drupal site, under the SAML Settings section referring below.

  Okta Field	Service Provider Information (Drupal)
  Single Sign On URL	SP ACS URL
  Audience URI (SP Entity ID)	SP Entity ID/Issuer


• Click on the Save button.
• Under Feedback, select the appropriate option from Are you a customer or partner? Click on the Finish button.

• Under the Sign On tab, click on the Copy link to copy the Metadata URL. Keep it handy. (This is required to configure Drupal as SAML SP.)

Assign Groups/People in Okta Application:

• Navigate to the Assignments tab.

• Click on the Assign button and select the Assign to People option.

• Click on the Assign button corresponding to the user to be assigned to this application.

• Click on the Save and Go Back button.

• The user has been successfully assigned to application.

Configure Drupal as SAML Service Provider:

• Navigate to the Service Provider Setup tab of the Drupal site and click on Upload IDP Metadata.
• Paste the previously copied Okta Metadata URL into the Upload Metadata URL text field. Click on the Fetch Metadata button.


Note: To update Identity Provider Name, follow these steps:

• Under Action, select the Edit.
• Enter Okta in the Identity Provider Name text field.
• Scroll down and click on the Save Configuration button.


• Click on the Test link to test the connection between Drupal and Okta.

• On a Test Configuration popup sign in using Okta credentials (if an active session is not present). After successful authentication, a list of attributes that are received from Okta will be displayed. Click on the Done.

Congratulations! you have successfully configure Okta as SAML Identity Provider (IdP) and Drupal as SAML Service Provider.

How does SAML SSO login work?

• Open a new browser/private window and navigate to the Drupal site login page.
• Click the Login using Identity Provider (Okta) link.
• You will be redirected to the Okta login page. Enter the Okta credentials. After successful authentication, the user will be redirected back to the Drupal site.