Okta Authentication for FireHydrant Status Pages

With FireHydrant's status pages, you have the option of locking them behind your SSO provider so that only employees or other organization members can access them.

Prerequisite: You'll first want to configure the status page by creating it and then setting up the CNAME records. Once the page is created and accessible, you can start working through these instructions to lock it behind authentication.

Note: We currently only support SAML 2.0 for SSO-authenticated status pages. In addition, this limits access to anyone in your organization who can login via SSO and is not limited to only users with FireHydrant licenses.

Okta SAML

1. General Settings

First, you'll want to create a SAML 2.0 application in your provider.

  • When selecting the type, choose SAML 2.0.
  • Provide a descriptive name for your application, such as "Internal Status Page."

Authenticated Status Pages Okta setup pt 1a

Authenticated Status Pages Okta setup pt 1b

2. Configure SAML

For configuring the SAML, use the information below to populate the SAML settings and attribute mappings, where <custom domain> is the custom domain for your status page.

General

Setting Value
Single sign-on URL https://<custom domain>
Use this for Recipient URL and Destination URL
Audience URI https://<custom domain>/auth/dex/callback
Default RelayState -leave blank-
Name ID format Unspecified
Application username Okta username
Update application username on Create and update
Other Requestable SSO URLs* https://<custom domain>/auth/dex/callback
  • *Click on Show advanced settings to display this box

Attribute Statements

Name Value
Email user.email

3. Complete Setup and Notify FireHydrant Support

On the Feedback screen, ensure that you specify you’re creating an internal application, otherwise Okta may reach out about publishing the app in their marketplace.

Authenticated Status Pages Okta Metadata

Once the above is finished, download the Identity Provider Metadata XML, and then attach it when opening a support ticket.

Your support representative will complete the setup with you from there.

Next Steps

Last updated on 12/6/2023