Okta

This guide walks you through setting up SSO integration between Okta and Mailtrap using SAML 2.0, including optional role mapping configuration.

On the Okta side

1. Navigate to Applications and click Create App Integration.

2. Select the Web Platform and SAML 2.0 as the Sign on method.

3. Enter an app name and click Next.

4. Provide the following SAML Provider details to Okta:

  • Entity ID = Audience URI (SP Entity ID)

  • Assertion Consumer Service URL = Single sign on URL

  • Name ID format should be set to EmailAddress

  • Application username should be set to email

5. To apply role mapping, add the attribute used for mapping in Attribute Statements (optional).

6. Click Next and Finish.

Mailtrap configuration

After the configuration is ready on the Okta side, the next step is to set up Mailtrap.

In Okta, you will see a notice that "SAML 2.0 is not configured until you complete the setup instructions".

1. Click "View Setup Instructions".

2. Provide the following to Mailtrap from Okta:

  • IdP Entity ID (Identity Provider Issuer) = Identity Provider Issuer

  • Single Sign-on URL = Identity Provider Single Sign-On URL

  • X509 Certificate = X509 Certificate

3. Click Save in Mailtrap SSO configuration.

4. Role mapping requires additional configuration. For details, see the SSO Guide, Step 4: Role mapping section.

SAML role mapping

There are different ways to configure Okta to provide the needed attribute to Mailtrap.

Mailtrap allows you to configure the role attribute mapping (its name and value), so you can choose whether Mailtrap receives a role name from Okta or true|false as the value.

  • Example of receiving boolean values in Attribute value

  • Example with Role name in Attribute value

There are several ways to do it in Okta. The best way is to consult with your team for help with the configuration.

Map Okta group names to Mailtrap permissions

1. Create groups in Okta:

  • "MT Admin Group"

  • "MT Viewer Group"

2. Add users to the groups.

3. Update the Okta application's SAML attribute mapping.

4. Update the attribute statements to return the new SAML attributes:

  • isMailtrapAdmin with value isMemberOfGroupName("MT Admin Group")

  • isMailtrapViewer with value isMemberOfGroup("00ggiqham4LuYTBPL5d7")

    • isMemberOfGroup accepts a group ID. The group ID can be taken from the URL when visiting the group page.

  • More about the Okta expression language here

5. Add the SAML attribute mapping in Mailtrap with the same attribute names.

Debugging Okta integration

You can use SAML tracer to debug your SAML integration with Mailtrap.

You need to see the proper Attribute Name and Attribute Value in the SAML response from Okta, and they should match the ones you specified in Mailtrap SSO settings.
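
The same check can be scripted against a captured response. The following is an added example, not Mailtrap's or Okta's code: it decodes the base64 `SAMLResponse` value from the HTTP POST (as shown by the tracer), lists the NameID and attributes, and compares them with the name/value pairs entered in Mailtrap. The sample response is constructed, the function names are hypothetical, and the script is a debugging aid only: it does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned response carrying the two attributes
# from the group-mapping steps on this page.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="isMailtrapAdmin"><saml:AttributeValue>false</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="isMailtrapViewer"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def extract_attributes(saml_response_b64):
    """Return (NameID text, NameID Format, {attribute name: [values]}). No signature check."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    nid = root.find(".//saml:NameID", NS)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    if nid is None:
        return None, None, attrs
    return (nid.text or "").strip(), nid.get("Format"), attrs

def check_mapping(attrs, expected):
    """List mismatches between received attributes and the name/value pairs set in Mailtrap."""
    problems = []
    for name, value in expected.items():
        if name not in attrs:  # exact, case-sensitive comparison of the attribute name
            problems.append(f"missing attribute {name!r}; received {sorted(attrs)}")
        elif value not in attrs[name]:
            problems.append(f"{name!r} is {attrs[name]}, expected {value!r}")
    return problems

if __name__ == "__main__":
    name_id, fmt, attrs = extract_attributes(SAMPLE_B64)
    print(name_id, fmt, attrs)
    print(check_mapping(attrs, {"isMailtrapAdmin": "true", "isMailtrapViewer": "true"}))
```

An empty list from `check_mapping` means every expected attribute arrived with the expected value; a "missing attribute" entry usually points to a name typed differently in the Okta attribute statement than in Mailtrap.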
