SAML SSO
Learn how to authenticate into Tracecat with SAML SSO
Supported Identity Providers
- Okta
- Microsoft Entra ID
Configuration
In your .env file, make sure you have the following value set.
Prerequisites
- Either: an Okta account. You can sign up for a 30-day free trial here.
- Or: a Microsoft Entra ID account. You can sign up for a 90-day free trial here.
Instructions
Okta
Create an SAML app
Go to Applications and select Add Application. Select SAML 2.0 and click on Create.
Configure ACS endpoint
Set the Single sign-on URL to https://<your-tracecat-instance>/api/saml/acs.
Configure SAML settings in environment variables
Set the following environment variables in your .env file:
- SAML_IDP_CERTIFICATE: Okta SAML X.509 certificate as text
- SAML_IDP_METADATA_URL: Okta metadata URL
Do not include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in the SAML_IDP_CERTIFICATE environment variable.
Restart Tracecat instance
Restart Tracecat to apply the changes.
Test SSO configuration
Navigate to your Tracecat instance and click on the Login button. You should be redirected to Okta for authentication.
Microsoft Entra ID
Create an SAML app
Go to Enterprise applications and create a new Microsoft Entra SAML Toolkit application.
Configure ACS endpoint
Set the Reply URL and Sign-on URL to https://<your-tracecat-instance>/api/saml/acs.
Configure SAML settings in environment variables
Set the following environment variables in your .env file:
- SAML_IDP_CERTIFICATE: Microsoft Entra ID SAML Base64-encoded certificate as text
- SAML_IDP_METADATA_URL: Microsoft Entra ID metadata URL
Do not include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in the SAML_IDP_CERTIFICATE environment variable.
Restart Tracecat instance
Restart Tracecat to apply the changes.
Test SSO configuration
Navigate to your Tracecat instance and click on the Login button. You should be redirected to Microsoft Entra ID for authentication.