Single-Sign-On is an authentication method that allows a user to securely authenticate with multiple applications and websites using a single set of credentials.
In this guide, we use Okta SAML authentication to integrate SSO with Jitsi Meet.
The middleware for the integration comes from the Jitsi-SAML2JWT project.
The integration is covered in three blog articles:
- Integrate single sign on authentication for Jitsi Meet via Okta
- Setup JWT, Secure domain and guest access with Jitsi Meet
- Setup middleware for Single sign on authentication for Jitsi Meet
After following this guide (1), you will be directed to the other guides (2 and 3) through the links at the end of this blog.
To implement this feature with Jitsi Meet, the following are needed:
- Server 1 - To install Jitsi Meet
- Server 2 - To implement middleware
- Okta account
Before starting, we define a few placeholders that are used throughout the guide. Replace them with your own values.
- <JITSI_DOMAIN> : Jitsi domain
- <SSO_MIDDLWARE_DOMAIN> : Domain for the SSO Service Provider
- <SP_ENTITY_ID> : SP entity ID. Can be any unique value
- <METADATA_URL> : IdP metadata URL. Will be defined later
- <IDP_ENTITY_ID> : IdP entity ID. Will be defined later
Connect with Okta
Create an Okta account and go to the admin panel.
Go to the Applications menu on the left side.
Click on Create App Integration.
Select SAML 2.0.
Give the application a name and click Next.
Fill in the following fields as shown below and leave the others at their defaults:
- Single sign-on URL : https://<SSO_MIDDLWARE_DOMAIN>/Shibboleth.sso/SAML2/POST
- Audience URI (SP Entity ID) : <SP_ENTITY_ID>
- Add the Attribute Statements below (name : value):
  - urn:mace:dir:attribute-def:displayName : user.firstName
  - urn:mace:dir:attribute-def:mail : user.email
Click Next and finish. The application should now be created.
Click on the Sign-On tab and go to the SAML Signing Certificates section. From there, select the active certificate and view the IdP metadata. Copy that URL; this is <METADATA_URL>. Copy the entityID from the first line; this is <IDP_ENTITY_ID>.
Go to Assignments and assign people to your application. That's it for the Okta configuration.
Next: You have to create the middleware and set up authentication in Jitsi for the Single Sign-On function to work successfully.