This section describes how to configure Okta to enable SAML 2.0 authentication for Zabbix.
1. Go to https://okta.com and register or sign in to your account.
4. Fill in the fields in the General settings tab (the first tab that appears) according to your preferences and press “Next”.
5. In the Configure SAML tab enter the values provided below, then press “Next”.
6. At the next tab, select “I'm a software vendor. I'd like to integrate my app with Okta” and press “Finish”.
7. Now, navigate to Assignments tab and press the “Assign” button, then select Assign to People from the drop-down.
8. In a popup that appears, assign created app to people that will use SAML 2.0 to authenticate with Zabbix, then press “Save and go back”.
9. Navigate to the Sign On tab and press the “View Setup Instructions” button. Setup instructions will be displayed in a new tab; keep this tab open while configuring Zabbix.
1. In Zabbix, go to SAML settings in the Administration → Authentication section and copy information from Okta setup instructions into corresponding fields:
2. Download the certificate provided in the Okta setup instructions page into ui/conf/certs folder as idp.crt, and set permission 644 by running:
chmod 644 idp.crt
Note, that if you have upgraded to Zabbix 5.0 from an older version, you will also need to manually add these lines to zabbix.conf.php file (located in the ui/conf/ directory):
// Used for SAML authentication. $SSO['SP_KEY'] = 'conf/certs/sp.key'; // Path to your private key. $SSO['SP_CERT'] = 'conf/certs/sp.crt'; // Path to your public key. $SSO['IDP_CERT'] = 'conf/certs/idp.crt'; // Path to IdP public key. $SSO['SETTINGS'] = ; // Additional settings
See generic SAML Authentication instructions for more details.
3. If Assertion Encryption has been set to Encrypted in Okta, a checkbox “Assertions” of the Encrypt parameter should be marked in Zabbix as well.
4. Press the “Update” button to save these settings.