-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #133 from Kong/insomnia/security-page-layout-copy
Insomnia: Edit Security landing page
- Loading branch information
Showing
24 changed files
with
559 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
--- | ||
title: Configure Azure SAML SSO in Insomnia | ||
|
||
products: | ||
- insomnia | ||
|
||
related_resources: | ||
- text: Authentication & Authorization in Insomnia | ||
url: /insomnia/authentication-authorization | ||
- text: Configure Okta SAML SSO in Insomnia | ||
url: /how-to/okta-saml-sso-insomnia | ||
|
||
tier: enterprise | ||
|
||
tags: | ||
- sso | ||
- third-party | ||
- authentication | ||
- security | ||
|
||
tldr: | ||
q: How do I configure SSO with SAML 2.0 and Azure in Insomnia? | ||
a: Obtain the single sign-on URL from the Insomnia SSO settings and add them to a new Microsoft Entra SAML Toolkit in Azure. Copy the Login URL and signing certificate from Azure and enter those in the Insomnia SSO settings. Finally, add users or groups to the Azure app integration and invite those same users to the Insomnia app. | ||
|
||
prereqs: | ||
inline: | ||
- title: Insomnia permissions | ||
include_content: prereqs/insomnia-sso | ||
icon_url: /assets/icons/insomnia/insomnia.svg | ||
- title: Azure permissions | ||
include_content: prereqs/azure-sso | ||
icon_url: /assets/icons/azure.svg | ||
- title: Domain permissions | ||
include_content: prereqs/sso-domain | ||
icon_url: /assets/icons/domain.svg | ||
--- | ||
|
||
## 1. Create the SSO connection in Insomnia | ||
|
||
Before you can configure the SSO connection in Azure, you must start configuring the SSO settings in Insomnia so you have access to the single-sign on URL and audience URI for the Azure settings. | ||
|
||
1. In your Insomnia account settings, click your account at the top right and select **Enterprise Controls** from the dropdown. | ||
1. Click **SSO** in the sidebar and then click **Create Connection**. | ||
1. In the SSO settings, enter your company's domain. | ||
|
||
Keep this window open while you configure the settings in Azure. | ||
|
||
## 2. Add the Microsoft Entra SAML Toolkit and configure SSO settings | ||
|
||
Now that you have the single-sign on URL from Insomnia, you can create a new Microsoft Entra SAML Toolkit. | ||
|
||
1. In the [Microsoft Entra admin center](https://entra.microsoft.com/), create a new application and [add the Microsoft Entra SAML Toolkit from the gallery](https://learn.microsoft.com/entra/identity/saas-apps/saml-toolkit-tutorial#add-microsoft-entra-saml-toolkit-from-the-gallery). | ||
1. Rename the toolkit "Insomnia SAML". | ||
1. [Navigate to the SSO settings](https://learn.microsoft.com/entra/identity/saas-apps/saml-toolkit-tutorial#configure-microsoft-entra-sso) for the Microsoft Entra SAML toolkit you just created. | ||
1. Configure the following SAML SSO settings: | ||
|
||
| Azure setting | Value | | ||
|--------------|-------| | ||
| Identifier (Entity ID) | The **Audience Restriction** field in the Insomnia SSO settings. | | ||
| Reply URL | The **SSO URL** in the Insomnia SSO settings. | | ||
| Sign on URL | The **SSO URL** in the Insomnia SSO settings. | | ||
1. In the [Attributes & Claims settings section](https://learn.microsoft.com/en-us/entra/identity-platform/saml-claims-customization#view-or-edit-claims), add an attribute and configure the following attribute settings: | ||
|
||
| Azure field | Value | | ||
|------|-------| | ||
| Name | `Email` | | ||
| Source attribute | `user.mail` | | ||
1. In the Entra application, find and copy the **Login URL** and the base64 version of the signing certificate. These will be used in the Insomnia SSO settings. | ||
|
||
## 3. Enter the sign on URL and signing certificate in the SSO settings in Insomnia | ||
|
||
Now that Azure SSO is configured and you have the Login URL and certificate from Azure, you can finish configuring the SSO settings in Insomnia. | ||
|
||
1. In the Insomnia SSO settings, enter the Login URL and signing certificate from Azure. | ||
1. To verify the connection, click **Create connection**. If the connection is successful, you will get a message that says "Your SAML connection has been successfully updated." | ||
|
||
## 4. Add users or groups to the application in Azure | ||
|
||
You can add users or groups to the application in Azure. They won't be allowed to log in with SSO yet though. | ||
|
||
In Azure, [assign users or groups to the app](https://learn.microsoft.com/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal#assign-users-and-groups-to-an-application-using-the-microsoft-entra-admin-center). | ||
|
||
## 5. Invite users to Insomnia | ||
|
||
Now that users or groups are assigned to the app in Azure, you can start inviting users to Insomnia. Once they accept the invite, they can log in to Insomnia with SSO. | ||
|
||
1. In your Insomnia account settings, click your account at the top right and select **Your organizations**. | ||
1. Click the organization you configured SSO for. | ||
1. Enter the emails of the users you added to the Azure app and click **Invite**. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
--- | ||
title: Configure Okta SAML SSO in Insomnia | ||
|
||
products: | ||
- insomnia | ||
|
||
related_resources: | ||
- text: Authentication & Authorization in Insomnia | ||
url: /insomnia/authentication-authorization | ||
- text: Configure Azure SAML SSO in Insomnia | ||
url: /how-to/azure-saml-sso-insomnia | ||
|
||
tier: enterprise | ||
|
||
tags: | ||
- sso | ||
- third-party | ||
- authentication | ||
- security | ||
|
||
tldr: | ||
q: How do I configure SSO with SAML 2.0 and Okta in Insomnia? | ||
a: Obtain the single sign-on URL and audience URI from the Insomnia SSO settings and add them to an application integration in Okta. Copy the sign on URL and signing certificate from Okta and enter those in the Insomnia SSO settings. Finally, add users or groups to the Okta app integration and invite those same users to the Insomnia app. | ||
|
||
prereqs: | ||
inline: | ||
- title: Insomnia permissions | ||
include_content: prereqs/insomnia-sso | ||
icon_url: /assets/icons/insomnia/insomnia.svg | ||
- title: Okta permissions | ||
include_content: prereqs/okta-sso | ||
icon_url: /assets/icons/okta.svg | ||
- title: Domain permissions | ||
include_content: prereqs/sso-domain | ||
icon_url: /assets/icons/domain.svg | ||
--- | ||
|
||
## 1. Create the SSO connection in Insomnia | ||
|
||
Before you can configure the SSO connection in Okta, you must start configuring the SSO settings in Insomnia so you have access to the single-sign on URL and audience URI for the Okta settings. | ||
|
||
1. In your Insomnia account settings, click your account at the top right and select **Enterprise Controls** from the dropdown. | ||
1. Click **SSO** in the sidebar and then click **Create Connection**. | ||
1. In the SSO settings, enter your company's domain. | ||
|
||
Keep this window open while you configure the settings in Okta. | ||
|
||
## 2. Configure SAML 2.0 SSO in Okta | ||
|
||
Now that you have the single-sign on URL and audience URI from Insomnia, you can create a new app integration in Okta. | ||
|
||
1. Create a [new app integration in Okta](https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_saml.htm). | ||
1. For the Sign-in method, select **SAML 2.0**. | ||
1. Configure the general settings as needed. | ||
1. Configure the following app [SAML settings](https://help.okta.com/en-us/content/topics/apps/aiw-saml-reference.htm): | ||
|
||
| Okta setting | Value | | ||
|--------------|-------| | ||
| Single sign-on URL | Copy this from the SSO settings in Insomnia. | | ||
| Audience URI (SP Entity ID) | Copy this from the SSO settings in Insomnia. | | ||
| Name ID format | EmailAddress | | ||
| Application username | Email | | ||
| Update application username on | Create and update | | ||
1. In the Attribute Statements, add the following attribute: | ||
|
||
| Name | Name format | Value | | ||
|------|-------------|-------| | ||
| `email` | Unspecified | user.email | | ||
1. Save the new application. | ||
1. In the application Sign On page, find and copy the **Sign on URL**. This will be used for the sign on URL in Insomnia. | ||
1. [Create a signing certificate](https://help.okta.com/en-us/content/topics/apps/manage-signing-certificates.htm) for your app and copy the certificate. This will be used in the Insomnia SSO settings. | ||
|
||
## 3. Enter the sign on URL and signing certificate in the SSO settings in Insomnia | ||
|
||
Now that Okta SSO is configured and you have the sign on URL and certificate from Okta, you can finish configuring the SSO settings in Insomnia. | ||
|
||
1. In the Insomnia SSO settings, enter the sign on URL and signing certificate from Okta. | ||
1. To verify the connection, click **Create connection**. If the connection is successful, you will get a message that says "Your SAML connection has been successfully updated." | ||
|
||
## 4. Add users or groups to the application in Okta | ||
|
||
You can add users or groups to the application in Okta. They won't be allowed to log in with SSO yet though. | ||
|
||
In Okta, [assign users or groups to the app integration](https://help.okta.com/en-us/content/topics/apps/apps-manage-assignments.htm). | ||
|
||
## 5. Invite users to Insomnia | ||
|
||
Now that users or groups are assigned to the app in Okta, you can start inviting users to Insomnia. Once they accept the invite, they can log in to Insomnia with SSO. | ||
|
||
1. In your Insomnia account settings, click your account at the top right and select **Your organizations**. | ||
1. Click the organization you configured SSO for. | ||
1. Enter the emails of the users you added to the Okta app and click **Invite**. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
You need: | ||
* A Microsoft Entra subscription that can enable the Microsoft Entra SAML Toolkit SSO | ||
* Cloud Application Administrator or Application Administrator permissions |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
You need: | ||
* Admin permissions for your org in Insomnia | ||
* An organization created after activating your Enterprise license in Insomnia. You can create an org from the Insomnia account settings. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
You need an admin account for [Okta](https://login.okta.com/). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
You need a domain you own as well as permissions to make DNS records. |
83 changes: 83 additions & 0 deletions
83
app/_landing_pages/insomnia/authentication-authorization.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
metadata: | ||
title: Authentication and authorization at Insomnia | ||
breadcrumbs: | ||
- /insomnia/ | ||
description: Secure Insomnia with native or external authentication and authorization. | ||
tags: | ||
- authentication | ||
- authorization | ||
- whitelist | ||
|
||
rows: | ||
- header: | ||
type: h1 | ||
text: "Authentication and authorization at Insomnia" | ||
columns: | ||
- blocks: | ||
- type: structured_text | ||
config: | ||
blocks: | ||
- type: text | ||
text: "Secure Insomnia by setting up native or external authentication and configure authorization settings." | ||
|
||
- header: | ||
type: h2 | ||
text: "Authentication" | ||
columns: | ||
- blocks: | ||
- type: structured_text | ||
config: | ||
blocks: | ||
- type: text | ||
text: | | ||
To authenticate with Insomnia, you can use either external authentication (SSO) or native authentication to log in to the Insomnia app. For SSO, you can use any identity provider (IdP) that supports SAML 2.0. | ||
If you are looking for information about how to authenticate requests in Insomnia, see [Request authentication](/insomnia/request-authentication/). | ||
- columns: | ||
- blocks: | ||
- type: card | ||
config: | ||
title: Configure SSO with Microsoft Entra SAML | ||
description: Learn how to configure Microsoft Entra as your SAML provider for SSO with Insomnia | ||
icon: /assets/icons/azure.svg | ||
cta: | ||
text: Learn more | ||
url: /how-to/azure-saml-sso-insomnia | ||
align: end | ||
- blocks: | ||
- type: card | ||
config: | ||
title: Configure SSO with Okta SAML | ||
description: Learn how to configure Okta as your SAML provider for SSO with Insomnia | ||
icon: /assets/icons/okta.svg | ||
cta: | ||
text: Learn more | ||
url: /how-to/okta-saml-sso-insomnia | ||
align: end | ||
|
||
- header: | ||
type: h2 | ||
text: "Authorization" | ||
columns: | ||
- blocks: | ||
- type: structured_text | ||
config: | ||
blocks: | ||
- type: text | ||
text: | | ||
Authorization controls who can do what in Insomnia. | ||
Authorization ensures users have the correct permissions and that you can access the Insomnia app through allowlisting domains. | ||
- columns: | ||
- blocks: | ||
- type: card | ||
config: | ||
title: Domain allowlist reference | ||
description: Learn which domains to add to your allowlist so all Insomnia features work correctly | ||
icon: /assets/icons/insomnia/allowlist.svg | ||
cta: | ||
text: Learn more | ||
url: /insomnia/allowlist | ||
align: end | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.