Okta setup

Control access to BugSnag using Okta.

BugSnag’s integration with Okta provides:

  • Authentication and authorization (SAML)
  • User and group/team provisioning and deprovisioning (SCIM)

Setup SAML

To configure SAML:

  1. In BugSnag settings select Organization -> Single sign-on (Admin access is required):

    • Copy the SAML endpoint URL to your clipboard. Configure SSO
  2. In Okta Admin, select Applications then Browse App Catalog and search for “Bugsnag SAML”. Select Add Integration.

  3. In General Settings:

    • SAML Endpoint URL - Paste the URL copied from BugSnag.
    • Select Next, assign users as requred, then Done. Configure Okta app
  4. In the Sign On tab:

    • Under SAML Signing Certificates, select Actions and copy the link to the IdP metadata to your clipboard (the URL not the metadata itself) Okta metadata link
    • Select Next.
  5. In BugSnag:

    • Paste the IdP metadata URL in the SAML/IdP Metadata field.
    • Select Auto-provision collaborators if you would like accounts to be automatically created for new users when they first log in (see SCIM for full provisioning and deprovisioning support).
    • Select whether users will be granted access to all current projects or no projects by default. Users will only be added up to your plan’s collaborator limit. After provisioning, access to projects can be managed by any Admin.
    • Select Enable SSO.
  6. Users assigned to the app in Okta can now log in to BugSnag.

Setup provisioning and deprovisioning (SCIM)

Provisioning and deprovisioning is available on Enterprise plans.

The following provisioning and deprovisioning features are supported:

  • Create users
  • Update user names and email addresses
  • Deactivate users
  • Push groups
  1. In the BugSnag settings of an organization administrator, select My Account -> Personal auth tokens:

    • Generate a new auth token which will be used for SCIM. Configure SSO
  2. Select Organization -> Single sign-on (Admin access is required):

    • Copy the SCIM Base URL. Configure SSO
  3. In Okta Admin, open the configuration for the BugSnag application and in the Provisioning tab.

    • Enter the SCIM base URL and auth token in the Integration section. Okta SCIM base URL
    • Ensure the provisioning options are enabled in the To App section. Enable Provisioning
  4. In the Sign On tab:

    • Ensure Application username format is set to Email.

Session Timeout

If a SessionNotOnOrAfter value is present in the SAML authentication response, it will be used to set the timeout of the BugSnag session.

Please see the Okta documentation for information about setting SessionNotOnOrAfter in your SAML responses.

Known issues