Learn how to authenticate into Tracecat with SAML SSO.
.env file, make sure you have the following values set.
.pem file as a base64-encoded string via the SAML_CA_CERTS environment variable.
Create an SAML app
Configure SAML settings
https://<your-tracecat-instance>/auth/saml/acs.
https://<your-tracecat-instance>.
Configure attribute statements
email to user.email
Configure SAML settings in environment variables
.env file:
SAML_IDP_METADATA_URL: Okta metadata URL
Restart Tracecat instance
Test SSO configuration
Create an SAML app
Configure SAML settings
https://<your-tracecat-instance>/auth/saml/acs.
https://<your-tracecat-instance>/api.
https://<your-tracecat-instance>.
Configure attribute and claims
email to user.mail
Create a provider
Configure the provider
https://<your-tracecat-instance>/auth/saml/acs.
https://<your-tracecat-instance>/api.
Configure assertion signing
Configure property mapping
Create an Application
Find metadata URL
Configure SAML settings in environment variables
.env file:
SAML_IDP_METADATA_URL: Metadata download URL
Restart Tracecat instance
Test SSO configuration
api service:
SAML_ALLOW_UNSOLICITED: Whether to allow unsolicited SAML responses (default: true)
SAML_ACCEPTED_TIME_DIFF: Time difference in seconds for SAML authentication (default: 3)
SAML_AUTHN_REQUESTS_SIGNED: Whether to require signed SAML authentication requests (default: false)
SAML_SIGNED_ASSERTIONS: Whether to require signed SAML assertions (default: true)
SAML_SIGNED_RESPONSES: Whether to require signed SAML responses (default: true)
SAML_VERIFY_SSL_ENTITY: Whether to verify SSL certificates for general SAML entity operations (default: true)
SAML_VERIFY_SSL_METADATA: Whether to verify SSL certificates when fetching metadata (default: true)
SAML_CA_CERTS: Base64 encoded CA certificates for SSL/TLS transport layer validation
SAML_METADATA_CERT: Base64 encoded certificate for SAML metadata document signature verification
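
The settings above can be reviewed before the instance is restarted. The following is an added example, not Tracecat's own code: it audits .env text against the defaults documented on this page and reports settings that relax SAML validation, plus a SAML_CA_CERTS value that is not the base64 of a .pem file. The MAX_TIME_DIFF threshold, the true/false boolean spelling, the choice to report accepted unsolicited responses, and the sample values are assumptions made for illustration.

```python
import base64

# Defaults documented on this page for the api service.
DEFAULTS = {
    "SAML_ALLOW_UNSOLICITED": "true", "SAML_ACCEPTED_TIME_DIFF": "3",
    "SAML_SIGNED_ASSERTIONS": "true", "SAML_SIGNED_RESPONSES": "true",
    "SAML_VERIFY_SSL_ENTITY": "true", "SAML_VERIFY_SSL_METADATA": "true",
}
# Disabling any of these relaxes signature or TLS validation.
MUST_BE_TRUE = ("SAML_SIGNED_ASSERTIONS", "SAML_SIGNED_RESPONSES",
                "SAML_VERIFY_SSL_ENTITY", "SAML_VERIFY_SSL_METADATA")
MAX_TIME_DIFF = 60  # assumption: review threshold in seconds, not a Tracecat limit

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit(text):
    """Return (variable, finding) pairs for settings worth reviewing."""
    env = {**DEFAULTS, **parse_env(text)}
    findings = []
    for key in MUST_BE_TRUE:
        if env[key].lower() != "true":  # assumption: booleans are written true/false
            findings.append((key, "validation disabled"))
    if env["SAML_ALLOW_UNSOLICITED"].lower() == "true":
        findings.append(("SAML_ALLOW_UNSOLICITED", "unsolicited responses accepted"))
    diff = env["SAML_ACCEPTED_TIME_DIFF"]
    if not diff.isdigit() or int(diff) > MAX_TIME_DIFF:
        findings.append(("SAML_ACCEPTED_TIME_DIFF", "wide or invalid clock tolerance"))
    if not env.get("SAML_IDP_METADATA_URL", "").startswith("https://"):
        findings.append(("SAML_IDP_METADATA_URL", "missing or not https"))
    if "SAML_CA_CERTS" in env:  # expected: base64 of the whole .pem file
        try:
            pem = base64.b64decode(env["SAML_CA_CERTS"], validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            pem = b""
        if b"-----BEGIN CERTIFICATE-----" not in pem:
            findings.append(("SAML_CA_CERTS", "not a base64-encoded PEM"))
    return findings

# Constructed sample .env content (placeholder host, raw PEM header pasted by mistake).
SAMPLE_ENV = ("SAML_IDP_METADATA_URL=http://idp.example.test/metadata\n"
              "SAML_SIGNED_RESPONSES=false\nSAML_CA_CERTS=-----BEGIN CERTIFICATE-----\n")
```

Calling audit(SAMPLE_ENV) returns one finding per relaxed or malformed setting; an empty list means every checked value matches the strict setting.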