Note: SAML is an authentication mechanism for web applications. It's based on web protocols and it cannot be used for user authentication over SSH.
1. Login to okta and add Application
2. Select SAML 2.0 and click Next
3. Fill App Name and click next
4. Fill the SAML setting
Click on Next after providing the Single sign on URL and entity ID in the SAML settings.
5. Check I'm an Okta customer adding an internal app & This is an internal app that we have created and click Finish
On the next page you can see the setup instructions.
6. You can copy paste the settings found in setup instructions to Ezeelogin GUI > Setting > SAML
Or you can click on the Identity Provider metadata, then it will open a page containing metadata.
Copy the URL of the page and paste it to Metadata URL on Ezeelogin GUI > Settings > SAML Metadata URL and click on the Fetch button, it will autofill the SAML settings and Save it.
7. Select Directory -> People from left panel and select add person to add user in OKTA.
8. Activate and assign user to application by clicking user in people tab.
9. Change Web panel Authentication to SAML from Ezeelogin GUI > Settings > General >Authentication
10. Enable Auto Create User from Ezeelogin GUI -> Settings -> General -> Security -> Enable Auto Create User
12. Login to Ezeelogin GUI with SAML authentication .
13. After logging into GUI, you need to reset the password and security code of the SAML user under Account -> Password in order to SSH to Ezsh shell.
14. You can log in to Ezeelogin shell via Webssh shell or using any SSH client such as Putty or terminal etc.
WebSSH: Click on the 'Open Web SSH Console' icon to SSH via the browser
WebSSH terminal will open like below. Users can navigate the server group with the Up and Down arrow buttons and enter to login into the server.
Native SSH Client: After resetting the password and security code you can SSH to the Ezsh shell (using Terminal or Putty) with the SAML username.
15. If you are SSH ing with 2FA enabled using Putty or Terminal it would prompt you to enter the 2FA codes, The 2FA step can be disabled for SAML Authentication under Settings > Two Factor Authentication> Skip Two Factor Authentication for SAML. The user will be able to ssh without being prompted for the 2FA codes only if the user is logged into the web panel, otherwise if the user is not logged into the webpanel it would prompt for the 2FA codes.
We would recommend you to use the webssh shell when you are using SAML authentication. Using webssh shell is a lot more convenient as you would not have to worry about the SSH password or the security code for the users.