Configuring SAML SSO
NPK supports SAML integration for user authentication, and is extremely easy to configure with federated providers such as Okta or PingIdentity. In order to complete the integration, you need to have a functional installation of NPK to start with. If you haven't gotten that far yet, see the Step-by-Step Setup Instructions.
At the bottom of your NPK deployment output, you'll see a number of 'outputs', among which you'll find your saml_acs_url and saml_entity_id. Copy these values, as we'll need them in the next steps.
Create a new, custom SAML application in your identity provider, and configure the ACS URL and Entity ID with the values you got from the deployment outputs. Your identity provider may not have the exact same field names as you see here, but they're usually pretty close.
Once these values are populated, you'll see an area where you can define 'claims' or 'attributes'. Remove any that are present by default, and add a new one with the following values:
Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Name Format: URI Reference
Value: user.email
Then save your configuration. Once the application is created in your identity provider, you should find a 'Metadata File' or 'Metadata URL'. Either download the file or copy the link (copying the link is preferred), and come back to your NPK installation.
If you've copied the link address, update your npk-settings.json file to set sAMLMetadataUrl to the URL you copied. If you downloaded the file, save the contents to your CloudShell somewhere, and set sAMLMetadataFile to the absolute path of the XML file.
Once set, run npm run deploy to pick up the changes and apply them to your deployment. When finished, your NPK login page will show a 'Login with SAML' button that your users can click to log in with SAML!