Browse to the Admin Dashboard by clicking Admin on your main Okta page.
Go to Applications by clicking Applications in the header.
Click Add Application.
Click Create New App.
Choose Web as the Platform and select SAML 2.0 for the Sign on method.
Name your application Humio and upload a logo for your login button.
You can use this logo if you like, or one you provide yourself:
Click Next to continue.
In the General area of the SAML Settings configuration
a. Set the Single sign on URL to
b. Set the Audience URI (SP Entity ID)
c. Set the Name ID format field to
d. Set the Application username field to
Your General SAML Settings should look something like this now
In the Group Attribute Statements area of the SAML Settings configuration, add a single attribute with the Name set to role, the Name format set to Basic, the Filter set to Matches regex and the value set to
On the Feedback step
a. Choose I’m an Okta customer adding an internal app.
b. Check This is an internal app that we have created.
On the next page you should see the details view for the application you just created. On that page, click View Setup Instructions.
The next page will provide you with three key pieces of information you’ll need to set up Humio to work with Okta — the Identity Provider Single Sign-On URL, the Identity Provider Issuer, and the X.509 Certificate, as pictured below. Leave this page open for reference.
Assign the application to any users or groups you want to have access to Humio by following Okta’s instructions.
Okta is now configured to work with Humio and all that’s left is to configure Humio to work with Okta.
Add the following to your Humio config file:
AUTHENTICATION_METHOD=saml
SAML_IDP_SIGN_ON_URL=<Identity Provider Single Sign-On URL>
SAML_IDP_ENTITY_ID=<Identity Provider Issuer>
SAML_IDP_CERTIFICATE=<Path to location of Okta X.509 Certificate>
SAML_GROUP_MEMBERSHIP_ATTRIBUTE=role
AUTO_UPDATE_GROUP_MEMBERSHIPS_ON_SUCCESSFUL_LOGIN=true
AUTO_CREATE_USER_ON_SUCCESSFUL_LOGIN=true
Replace the portions wrapped in angle brackets above with the values on the page you saw in Step 14 under the Okta Configuration section.
SAML_IDP_CERTIFICATE expects the filesystem path to the certificate from Step 14 on the machine running Humio (this certificate must be available on each Humio node).
a. Docker — replace the running containers with new ones (note that a simple stop/start will not work — the container must be replaced).
b. Bare Metal — restart the Humio service (
Browsing to your Humio domain should now redirect you to Okta for authentication. If you’re already logged in to Okta, it will automatically authenticate and redirect you back to Humio.
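If the redirect fails, or before restarting a node, the SAML settings above can be checked with a short script. This is an added example, not code from Humio or Okta: the function names are hypothetical, the plain-http check is an assumption, and the certificate check covers only PEM framing and base64, not X.509 structure or expiry.

```python
import base64
import hashlib
import re

# Keys taken from the config above; everything else here is hypothetical.
REQUIRED = ("SAML_IDP_SIGN_ON_URL", "SAML_IDP_ENTITY_ID", "SAML_IDP_CERTIFICATE")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs


def cert_fingerprint(path):
    """SHA-256 of the decoded PEM body, or None if the file is unusable."""
    try:
        with open(path, encoding="ascii") as fh:
            match = PEM_RE.search(fh.read())
        if not match:
            return None
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        return hashlib.sha256(der).hexdigest()
    except (OSError, ValueError):  # missing file, non-ASCII data, bad base64
        return None


def check_saml_config(text):
    """Return (problems, certificate fingerprint) for a Humio SAML config."""
    env, problems, fingerprint = parse_env(text), [], None
    if env.get("AUTHENTICATION_METHOD") != "saml":
        problems.append("AUTHENTICATION_METHOD is not saml")
    if env.get("SAML_GROUP_MEMBERSHIP_ATTRIBUTE") != "role":
        problems.append("SAML_GROUP_MEMBERSHIP_ATTRIBUTE does not match the Okta attribute name 'role'")
    for key in REQUIRED:
        value = env.get(key, "")
        if not value or value.startswith("<"):
            problems.append(f"{key} is missing or still a <placeholder>")
    if env.get("SAML_IDP_SIGN_ON_URL", "https://").startswith("http://"):
        problems.append("SAML_IDP_SIGN_ON_URL is plain http")
    cert = env.get("SAML_IDP_CERTIFICATE", "")
    if cert and not cert.startswith("<"):
        fingerprint = cert_fingerprint(cert)
        if fingerprint is None:
            problems.append("SAML_IDP_CERTIFICATE is not a readable PEM certificate")
    return problems, fingerprint
```

The returned fingerprint should be identical on every Humio node, since each node needs the same Okta certificate.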
By default, users will only have access to a Sandbox repository. You can control what they have access to using Role Based Authorization (RBAC).
Initially, none of the users will be set as a Root Humio user, so you’ll need to promote the very first one manually through the API as described here.