Skip to content

Commit

Permalink
Merge pull request #133 from Kong/insomnia/security-page-layout-copy
Browse files Browse the repository at this point in the history
Insomnia: Edit Security landing page
  • Loading branch information
cloudjumpercat authored Nov 19, 2024
2 parents d37e86c + 2b049b9 commit d62a2c9
Show file tree
Hide file tree
Showing 24 changed files with 559 additions and 48 deletions.
89 changes: 89 additions & 0 deletions app/_how-tos/azure-saml-sso-insomnia.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
---
title: Configure Azure SAML SSO in Insomnia

products:
- insomnia

related_resources:
- text: Authentication & Authorization in Insomnia
url: /insomnia/authentication-authorization
- text: Configure Okta SAML SSO in Insomnia
url: /how-to/okta-saml-sso-insomnia

tier: enterprise

tags:
- sso
- third-party
- authentication
- security

tldr:
q: How do I configure SSO with SAML 2.0 and Azure in Insomnia?
a: Obtain the single sign-on URL from the Insomnia SSO settings and add them to a new Microsoft Entra SAML Toolkit in Azure. Copy the Login URL and signing certificate from Azure and enter those in the Insomnia SSO settings. Finally, add users or groups to the Azure app integration and invite those same users to the Insomnia app.

prereqs:
inline:
- title: Insomnia permissions
include_content: prereqs/insomnia-sso
icon_url: /assets/icons/insomnia/insomnia.svg
- title: Azure permissions
include_content: prereqs/azure-sso
icon_url: /assets/icons/azure.svg
- title: Domain permissions
include_content: prereqs/sso-domain
icon_url: /assets/icons/domain.svg
---

## 1. Create the SSO connection in Insomnia

Before you can configure the SSO connection in Azure, you must start configuring the SSO settings in Insomnia so you have access to the single-sign on URL and audience URI for the Azure settings.

1. In your Insomnia account settings, click your account at the top right and select **Enterprise Controls** from the dropdown.
1. Click **SSO** in the sidebar and then click **Create Connection**.
1. In the SSO settings, enter your company's domain.

Keep this window open while you configure the settings in Azure.

## 2. Add the Microsoft Entra SAML Toolkit and configure SSO settings

Now that you have the single-sign on URL from Insomnia, you can create a new Microsoft Entra SAML Toolkit.

1. In the [Microsoft Entra admin center](https://entra.microsoft.com/), create a new application and [add the Microsoft Entra SAML Toolkit from the gallery](https://learn.microsoft.com/entra/identity/saas-apps/saml-toolkit-tutorial#add-microsoft-entra-saml-toolkit-from-the-gallery).
1. Rename the toolkit "Insomnia SAML".
1. [Navigate to the SSO settings](https://learn.microsoft.com/entra/identity/saas-apps/saml-toolkit-tutorial#configure-microsoft-entra-sso) for the Microsoft Entra SAML toolkit you just created.
1. Configure the following SAML SSO settings:

| Azure setting | Value |
|--------------|-------|
| Identifier (Entity ID) | The **Audience Restriction** field in the Insomnia SSO settings. |
| Reply URL | The **SSO URL** in the Insomnia SSO settings. |
| Sign on URL | The **SSO URL** in the Insomnia SSO settings. |
1. In the [Attributes & Claims settings section](https://learn.microsoft.com/en-us/entra/identity-platform/saml-claims-customization#view-or-edit-claims), add an attribute and configure the following attribute settings:

| Azure field | Value |
|------|-------|
| Name | `Email` |
| Source attribute | `user.mail` |
1. In the Entra application, find and copy the **Login URL** and the base64 version of the signing certificate. These will be used in the Insomnia SSO settings.

## 3. Enter the sign on URL and signing certificate in the SSO settings in Insomnia

Now that Azure SSO is configured and you have the Login URL and certificate from Azure, you can finish configuring the SSO settings in Insomnia.

1. In the Insomnia SSO settings, enter the Login URL and signing certificate from Azure.
1. To verify the connection, click **Create connection**. If the connection is successful, you will get a message that says "Your SAML connection has been successfully updated."

## 4. Add users or groups to the application in Azure

You can add users or groups to the application in Azure. They won't be allowed to log in with SSO yet though.

In Azure, [assign users or groups to the app](https://learn.microsoft.com/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal#assign-users-and-groups-to-an-application-using-the-microsoft-entra-admin-center).

## 5. Invite users to Insomnia

Now that users or groups are assigned to the app in Azure, you can start inviting users to Insomnia. Once they accept the invite, they can log in to Insomnia with SSO.

1. In your Insomnia account settings, click your account at the top right and select **Your organizations**.
1. Click the organization you configured SSO for.
1. Enter the emails of the users you added to the Azure app and click **Invite**.
93 changes: 93 additions & 0 deletions app/_how-tos/okta-saml-sso-insomnia.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
---
title: Configure Okta SAML SSO in Insomnia

products:
- insomnia

related_resources:
- text: Authentication & Authorization in Insomnia
url: /insomnia/authentication-authorization
- text: Configure Azure SAML SSO in Insomnia
url: /how-to/azure-saml-sso-insomnia

tier: enterprise

tags:
- sso
- third-party
- authentication
- security

tldr:
q: How do I configure SSO with SAML 2.0 and Okta in Insomnia?
a: Obtain the single sign-on URL and audience URI from the Insomnia SSO settings and add them to an application integration in Okta. Copy the sign on URL and signing certificate from Okta and enter those in the Insomnia SSO settings. Finally, add users or groups to the Okta app integration and invite those same users to the Insomnia app.

prereqs:
inline:
- title: Insomnia permissions
include_content: prereqs/insomnia-sso
icon_url: /assets/icons/insomnia/insomnia.svg
- title: Okta permissions
include_content: prereqs/okta-sso
icon_url: /assets/icons/okta.svg
- title: Domain permissions
include_content: prereqs/sso-domain
icon_url: /assets/icons/domain.svg
---

## 1. Create the SSO connection in Insomnia

Before you can configure the SSO connection in Okta, you must start configuring the SSO settings in Insomnia so you have access to the single-sign on URL and audience URI for the Okta settings.

1. In your Insomnia account settings, click your account at the top right and select **Enterprise Controls** from the dropdown.
1. Click **SSO** in the sidebar and then click **Create Connection**.
1. In the SSO settings, enter your company's domain.

Keep this window open while you configure the settings in Okta.

## 2. Configure SAML 2.0 SSO in Okta

Now that you have the single-sign on URL and audience URI from Insomnia, you can create a new app integration in Okta.

1. Create a [new app integration in Okta](https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_saml.htm).
1. For the Sign-in method, select **SAML 2.0**.
1. Configure the general settings as needed.
1. Configure the following app [SAML settings](https://help.okta.com/en-us/content/topics/apps/aiw-saml-reference.htm):

| Okta setting | Value |
|--------------|-------|
| Single sign-on URL | Copy this from the SSO settings in Insomnia. |
| Audience URI (SP Entity ID) | Copy this from the SSO settings in Insomnia. |
| Name ID format | EmailAddress |
| Application username | Email |
| Update application username on | Create and update |
1. In the Attribute Statements, add the following attribute:

| Name | Name format | Value |
|------|-------------|-------|
| `email` | Unspecified | user.email |
1. Save the new application.
1. In the application Sign On page, find and copy the **Sign on URL**. This will be used for the sign on URL in Insomnia.
1. [Create a signing certificate](https://help.okta.com/en-us/content/topics/apps/manage-signing-certificates.htm) for your app and copy the certificate. This will be used in the Insomnia SSO settings.

## 3. Enter the sign on URL and signing certificate in the SSO settings in Insomnia

Now that Okta SSO is configured and you have the sign on URL and certificate from Okta, you can finish configuring the SSO settings in Insomnia.

1. In the Insomnia SSO settings, enter the sign on URL and signing certificate from Okta.
1. To verify the connection, click **Create connection**. If the connection is successful, you will get a message that says "Your SAML connection has been successfully updated."

## 4. Add users or groups to the application in Okta

You can add users or groups to the application in Okta. They won't be allowed to log in with SSO yet though.

In Okta, [assign users or groups to the app integration](https://help.okta.com/en-us/content/topics/apps/apps-manage-assignments.htm).

## 5. Invite users to Insomnia

Now that users or groups are assigned to the app in Okta, you can start inviting users to Insomnia. Once they accept the invite, they can log in to Insomnia with SSO.

1. In your Insomnia account settings, click your account at the top right and select **Your organizations**.
1. Click the organization you configured SSO for.
1. Enter the emails of the users you added to the Okta app and click **Invite**.

3 changes: 3 additions & 0 deletions app/_includes/prereqs/azure-sso.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
You need:
* A Microsoft Entra subscription that can enable the Microsoft Entra SAML Toolkit SSO
* Cloud Application Administrator or Application Administrator permissions
3 changes: 3 additions & 0 deletions app/_includes/prereqs/insomnia-sso.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
You need:
* Admin permissions for your org in Insomnia
* An organization created after activating your Enterprise license in Insomnia. You can create an org from the Insomnia account settings.
1 change: 1 addition & 0 deletions app/_includes/prereqs/okta-sso.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
You need an admin account for [Okta](https://login.okta.com/).
1 change: 1 addition & 0 deletions app/_includes/prereqs/sso-domain.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
You need a domain you own as well as permissions to make DNS records.
83 changes: 83 additions & 0 deletions app/_landing_pages/insomnia/authentication-authorization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
metadata:
title: Authentication and authorization at Insomnia
breadcrumbs:
- /insomnia/
description: Secure Insomnia with native or external authentication and authorization.
tags:
- authentication
- authorization
- whitelist

rows:
- header:
type: h1
text: "Authentication and authorization at Insomnia"
columns:
- blocks:
- type: structured_text
config:
blocks:
- type: text
text: "Secure Insomnia by setting up native or external authentication and configure authorization settings."

- header:
type: h2
text: "Authentication"
columns:
- blocks:
- type: structured_text
config:
blocks:
- type: text
text: |
To authenticate with Insomnia, you can use either external authentication (SSO) or native authentication to log in to the Insomnia app. For SSO, you can use any identity provider (IdP) that supports SAML 2.0.
If you are looking for information about how to authenticate requests in Insomnia, see [Request authentication](/insomnia/request-authentication/).
- columns:
- blocks:
- type: card
config:
title: Configure SSO with Microsoft Entra SAML
description: Learn how to configure Microsoft Entra as your SAML provider for SSO with Insomnia
icon: /assets/icons/azure.svg
cta:
text: Learn more
url: /how-to/azure-saml-sso-insomnia
align: end
- blocks:
- type: card
config:
title: Configure SSO with Okta SAML
description: Learn how to configure Okta as your SAML provider for SSO with Insomnia
icon: /assets/icons/okta.svg
cta:
text: Learn more
url: /how-to/okta-saml-sso-insomnia
align: end

- header:
type: h2
text: "Authorization"
columns:
- blocks:
- type: structured_text
config:
blocks:
- type: text
text: |
Authorization controls who can do what in Insomnia.
Authorization ensures users have the correct permissions and that you can access the Insomnia app through allowlisting domains.
- columns:
- blocks:
- type: card
config:
title: Domain allowlist reference
description: Learn which domains to add to your allowlist so all Insomnia features work correctly
icon: /assets/icons/insomnia/allowlist.svg
cta:
text: Learn more
url: /insomnia/allowlist
align: end

8 changes: 8 additions & 0 deletions app/_landing_pages/insomnia/collections.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,14 @@ rows:
text: Learn more
url: /how-to/chain-requests/
align: end
- blocks:
- type: card
config:
title: Request authentication
cta:
text: Learn more
url: /insomnia/request-authentication/
align: end

- header:
type: h2
Expand Down
Loading

0 comments on commit d62a2c9

Please sign in to comment.