Configure SAML SSO with Okta

This guide walks you through configuring SAML Single Sign-On for Bruno using Okta as your identity provider.

Before you begin, make sure you have completed the prerequisites and have admin access to both Okta and the Bruno License Portal.

Configure SSO in Bruno

Before configuring a SAML application in Okta, first configure SSO in Bruno.

  1. Log in to the Bruno License Portal
  2. Navigate to Settings > SSO in the left sidebar
Bruno SSO Configuration settings page
  3. Toggle the Enable SSO switch on

  4. Note the following values (you’ll need these when configuring Okta):

    • SAML ACS URL: Copy this URL exactly as shown in Bruno
    • SP Issuer ID / Entity ID: Set your own unique identifier (e.g., bruno-sso, bruno-okta, your-company-bruno, etc.)
Bruno SSO Configuration settings page with SAML ACS URL and SP Issuer ID / Entity ID highlighted

Keep this page open in a separate tab - you’ll return here after configuring Okta to complete the Bruno SSO setup.

Configure SSO with Okta

Step 1: Create a New SAML Application

  1. Log in to your Okta Admin Console
  2. Navigate to Applications > Applications in the left sidebar
  3. Click Create App Integration
Create App Integration in Okta
  4. Select SAML 2.0 as the sign-in method
  5. Click Next
Select SAML 2.0 as sign-in method

Step 2: Configure General Settings

  1. Enter the following information:
    • App name: Set your own unique identifier (e.g., Bruno, Bruno-SAML-App, etc.)
    • App logo: (Optional) Upload Bruno logo
    • App visibility: Configure based on your organization’s preferences
  2. Click Next
Configure general settings for Bruno SAML app in Okta

Step 3: Configure SAML Settings

Copy the values from the Bruno SSO settings page and paste them into your SAML configuration in Okta.

Single Sign-On URL:

  1. In the Single sign-on URL field, copy and paste the SAML ACS URL from Bruno

  2. Check Use this for Recipient URL and Destination URL

Audience URI (SP Entity ID):

  1. In the Audience URI (SP Entity ID) field, paste the SP Issuer ID / Entity ID value from the Bruno License Portal
    • Important: This value must match EXACTLY what you configured in the Bruno SSO Configuration page

Name ID Format:

  1. Select EmailAddress from the Name ID format dropdown

Application Username:

  1. Select Email from the Application username dropdown
Configure Audience URI (SP Entity ID) in Okta

Step 4: Configure Attribute Statements

Bruno requires two specific SAML attributes to be configured. Add the following attribute statements:

| Name | Name Format | Value | Notes |
|------|-------------|-------|-------|
| roles | Unspecified | Any role value from Okta | Can be a static value (e.g., "admin") or mapped to existing Okta user attributes/groups |
| fullName | Unspecified | user.firstName+" "+user.lastName | Concatenates first and last name. Can also use a single name field if available. |

Configuring the roles attribute:

The roles attribute can be configured in several ways:

  1. Static value for testing: Set a hardcoded value like "admin" for all users assigned to this app

    • Example: Value = "admin"
  2. Map to existing or created Okta user attribute: If your Okta users already have a role attribute or you create a specific attribute for Bruno roles

    • Example: Value = user.userType or user.role or user.brunoRole

Important: The role value sent by Okta will be mapped to Bruno access levels in the License Portal’s SSO Settings. You’ll configure which role values correspond to admin or user access in Bruno (see Step 3: Map the role values from Okta to Bruno access levels, in the Bruno configuration section below).

Example Scenarios:

  • If you set Value = "Engineering", you’ll add Engineering to either “Admin Roles” or “User Roles” in Bruno
  • If you set Value = user.department, and a user’s department is IT, you’ll add IT to the appropriate role field in Bruno

Configuring the fullName attribute:

The fullName attribute can be configured by:

  • Concatenating first and last name: user.firstName+" "+user.lastName
  • Using a single field if your Okta user profile has a combined name field
  • Mapping to any existing user property that contains the full name
Configure attribute statements in Okta showing roles and fullName

Important: Both roles and fullName attributes are required for Bruno SAML SSO to function correctly. The attribute names are case-sensitive and must match exactly as shown.

Preview the SAML Assertion

  1. Scroll down to the Preview the SAML assertion generated from the information above section
  2. Click Preview the SAML Assertion
  3. Verify the generated XML contains the configured attributes: NameID Format, roles, fullName
  4. Click Next

Step 5: Complete Okta App Setup

  1. On the Feedback page:
    • Select I’m an Okta customer adding an internal app
    • Check This is an internal app that we have created
  2. Click Finish
Complete Okta app setup

Finish SSO Configuration in Bruno

Step 1: Add SSO URL to Bruno License Portal

IdP Login URL / SSO URL

  1. In your configured Okta application, navigate to the Sign On tab
  2. Scroll down to the SAML 2.0 section, expand the Hide details section
  3. Copy the following values (you’ll need these for Bruno configuration):
    • Sign on URL: Copy this URL
Copy SAML metadata from Okta
  4. Return to the Bruno License Portal tab you opened from the earlier configuration
  5. Navigate to Settings > SSO (if not already there)
  6. Under SAML Configuration, paste the Sign on URL from Okta into the IdP Login URL / SSO URL field
Paste SSO URL into Bruno SSO settings

Step 2: Add IdP Certificate to Bruno License Portal

Okta IdP Certificate

  1. Scroll down the Sign On tab to SAML Signing Certificates
  2. Click Generate new certificate
  3. For the newly generated certificate, click the Actions dropdown and select Download Certificate
Download SAML certificate from Okta
  4. Open the downloaded certificate file and copy the contents (include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines)
  5. Return to the Bruno License Portal tab you opened from the earlier configuration
  6. Under SAML Configuration, paste the certificate contents into the IdP Certificate field
Paste SAML certificate into Bruno SSO settings

Step 3: Map the role values from Okta to Bruno access levels

  1. In the Bruno License Portal, on the SSO Configuration page, scroll down to the Role Mapping section

  2. Admin Roles: Enter the role values (comma-separated) that should have admin access to Bruno

    • Example: admin,BrunoAdmin,IT-Administrators
    • These values must match what you configured in the roles attribute in Okta
    • Users with these roles can access the admin panel and manage licenses
  3. User Roles: Enter the role values (comma-separated) that should have user access to Bruno

    • Example: user,Engineering,Developers,QA
    • These values must match what you configured in the roles attribute in Okta
    • Users with these roles will be able to activate their Bruno licenses with SSO. They will not have access to the admin panel.
Configure role mapping in Bruno License Portal

How Role Mapping Works:

The role value you configured in Okta’s roles attribute statement will be sent in the SAML assertion. Bruno will check if this value matches any role in the “Admin Roles” or “User Roles” fields.

Example:

  • In Okta, you set the roles attribute to "Engineering"
  • In Bruno Admin Roles, you enter: admin,BrunoAdmin
  • In Bruno User Roles, you enter: user,Engineering,QA
  • Result: Users with the Engineering role are able to activate their Bruno licenses with SSO (matches “Engineering” in User Roles)

Important: Role values are case-sensitive. Ensure the values in Okta’s roles attribute match exactly with the values you enter in Bruno’s Admin Roles or User Roles fields.
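A pre-flight check for the two case-sensitivity rules above (attribute names checked in the Preview the SAML Assertion step, and role values in Role Mapping). This is an added example, not part of Bruno's or Okta's own code; `lint_assertion` and the sample assertion are constructed for illustration, and the trimming of spaces around commas is an assumption, since the page does not say how Bruno parses the role fields.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample shaped like an assertion preview (signature omitted, two deliberate mistakes).
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dev@example.com</saml2:NameID>
  </saml2:Subject>
  <saml2:Conditions>
    <saml2:AudienceRestriction><saml2:Audience>bruno-okta</saml2:Audience></saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="roles"><saml2:AttributeValue>engineering</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="fullname"><saml2:AttributeValue>Dev User</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def lint_assertion(xml_text, entity_id, admin_roles, user_roles):
    """Return a list of configuration problems; an empty list means the preview looks right."""
    # Configuration lint for your own preview output only: it does not verify any signature.
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml2:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not EmailAddress")
    audience = root.findtext(".//saml2:Audience", default="", namespaces=NS)
    if audience != entity_id:
        problems.append(f"Audience {audience!r} != SP Entity ID {entity_id!r}")
    attrs = {a.get("Name"): [v.text or "" for v in a.findall("saml2:AttributeValue", NS)]
             for a in root.iterfind(".//saml2:Attribute", NS)}
    for required in ("roles", "fullName"):  # names are case-sensitive
        if required not in attrs:
            near = [n for n in attrs if n.lower() == required.lower()]
            problems.append(f"missing attribute {required!r}" + (f" (found {near[0]!r}: wrong case)" if near else ""))
    # Assumption: entries in the comma-separated role fields are trimmed of surrounding spaces.
    mapped = [r.strip() for r in (admin_roles + "," + user_roles).split(",") if r.strip()]
    for role in attrs.get("roles", []):
        if role not in mapped:  # exact, case-sensitive comparison
            near = [m for m in mapped if m.lower() == role.lower()]
            problems.append(f"role {role!r} matches no Bruno role" + (f" (case differs from {near[0]!r})" if near else ""))
    return problems
```

Paste the XML from Okta's preview in place of `SAMPLE` and pass the SP Issuer ID / Entity ID, Admin Roles and User Roles exactly as entered in the Bruno License Portal.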

Step 4: Configure Session Settings

  1. Scroll down to the Session Timeout section:
    • Set the session timeout in seconds (default: 3600 = 1 hour)
  2. Click Save Configuration to apply your SAML SSO configuration
Configure session timeout in Bruno License Portal

Test Your SAML Configuration

Assign Users or Groups

  1. In your Okta Bruno application, navigate to the Assignments tab
  2. Click Assign > Assign to People or Assign to Groups
    • Note: Assigned users must already exist in your subscription in the Bruno License Portal in order to log in with SSO
  3. Select the users or groups that should have access to Bruno
  4. Click Assign and Done
Assign users or groups to Bruno app in Okta

Test SSO Login

  1. Navigate to the Bruno License Portal (https://license.usebruno.com/)
  2. Enter the email address of a user assigned to the Bruno app in Okta
  3. Click Login with SSO
  4. You should be redirected to Okta to authenticate
Login with SSO in Bruno License Portal
  5. If your user is an admin in Bruno and has the correct role mapping, you should be redirected back to the Bruno License Portal

Next Steps

After setting up SSO with Okta, you can:

For more information about configuring SAML SSO and managing attributes in Okta, refer to these Okta documentation resources: