Skip to main content

Overview

This integration allows your users to sign in to Fiddler using their existing Okta account, without needing a separate Fiddler password. Users are automatically provisioned on their first successful login — no manual invitations required.

Prerequisites

Before starting, ensure you have:
  • Okta Administrator Access: Permissions to create and configure applications in your Okta organization.
  • Fiddler AuthN Administrator Access: Org Owner role in Fiddler’s AuthN management console.
  • Deployment Information: The hostname of your Fiddler deployment, e.g. idpexample.dev.fiddler.ai.

Configuring Okta and Fiddler for Integration

1

Fiddler AuthN Console Sign-in

The URL to the Fiddler AuthN management console is your Fiddler instance base URL prepended with authn-. For example, if your Fiddler base URL is https://idpexample.dev.fiddler.ai then you will access the AuthN management console at https://authn-idpexample.dev.fiddler.ai.
Sign in using the AuthN console Org Owner user account credentials provided by your Fiddler representative.Fiddler AuthN console sign-in page
2

Select Your Organization

Ensure your organization is selected in the dropdown. You may see the fiddler organization, but this is reserved for system use and should not be edited. Here we are using the idpexample organization.Fiddler AuthN console home page
3

Navigate to Identity Providers in Settings

Select Settings tab from the top menu and then select Identity Providers from the left navigation menu.Fiddler AuthN console add provider page
4

Add and Configure New SAML Provider

  1. Select the SAML option in the Add provider section, which brings up the Sign in with SAML form.
  2. Enter a name for the integration. This name is displayed on the SSO login button on the Fiddler sign-in page, so choose one your users will recognize.
  3. Paste the following placeholder value into the Metadata XML text area. AuthN needs it to generate the URLs used when you create the Okta app integration; you will replace it in a later step.
File: Placeholder Metadata XML value
PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8bWQ6RW50aXR5RGVzY3JpcHRvciB4bWxuczptZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm1ldGFkYXRhIg0KICAgICAgICAgICAgICAgICAgICAgdmFsaWRVbnRpbD0iMjAyNS0wOC0zMFQxMzo0NToxM1oiDQogICAgICAgICAgICAgICAgICAgICBjYWNoZUR1cmF0aW9uPSJQVDYwNDgwMFMiDQogICAgICAgICAgICAgICAgICAgICBlbnRpdHlJRD0iaHR0cDovL2xvY2FsaG9zdDo4MDgwIj4NCiAgICA8bWQ6U1BTU09EZXNjcmlwdG9yIEF1dGhuUmVxdWVzdHNTaWduZWQ9ImZhbHNlIiBXYW50QXNzZXJ0aW9uc1NpZ25lZD0iZmFsc2UiIHByb3RvY29sU3VwcG9ydEVudW1lcmF0aW9uPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPg0KICAgICAgICA8bWQ6TmFtZUlERm9ybWF0PnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkPC9tZDpOYW1lSURGb3JtYXQ+DQogICAgICAgIDxtZDpBc3NlcnRpb25Db25zdW1lclNlcnZpY2UgQmluZGluZz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmJpbmRpbmdzOkhUVFAtUE9TVCINCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBMb2NhdGlvbj0iaHR0cDovL2xvY2FsaG9zdDo4MDgwL2NvbnN1bWUvZGF0YSINCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbmRleD0iMSIgLz4NCiAgICAgICAgDQogICAgPC9tZDpTUFNTT0Rlc2NyaXB0b3I+DQo8L21kOkVudGl0eURlc2NyaXB0b3I+
Fiddler AuthN console new SAML configuration
5

Save the SAML Provider

Select the Create button and then select the Save button. You will be returned to the Organization Settings page.Fiddler AuthN console saving new SAML IdP
6

Copy the SAML URLs

Select your IdP from the list. Four URLs are displayed — copy the following three for the Okta app integration steps:
  • ZITADEL Metadata URL
  • ZITADEL ACS Login Form URL
  • ZITADEL ACS Intent API URL Fiddler AuthN console SAML IdP URLs required for Okta configuration
7

Create New App Integration in Okta

  1. In the Okta admin console, navigate to Applications and select the Create App Integration button. Select SAML 2.0 for the Sign-in method, then select Next. Okta admin console Applications page
  2. Enter a name for your application, e.g. Fiddler IdP Example, and select Next. Okta admin console enter your new app name
8

Configure the Okta App

  1. Enter the ZITADEL ACS Login Form URL copied from the AuthN console into the Single sign-on URL text box. Ensure the Use this for Recipient URL and Destination URL checkbox is selected.
  2. Enter the ZITADEL Metadata URL from the AuthN console into the Audience URI (SP Entity ID) text box. Okta admin console configure SAML settings
  3. Expand the Advanced Settings section.
  4. In the Other Requestable SSO URLs section, select the + Add Another button, enter the ZITADEL ACS Intent API URL copied from the AuthN console, and enter 0 for the Index. Okta admin console configure SAML settings - requestable URL
  5. Select Next, then select Finish to complete the application creation.
  6. On the created application, go to the Sign On tab, then select Show legacy configuration under Attribute Statements. Add the following attributes with Name format set to Basic, then select Save:
    1. Name=firstName, Value=user.firstName
    2. Name=lastName, Value=user.lastName
    3. Name=email, Value=user.email
    Okta admin console SAML attribute statements
  7. On the Sign On tab, go to Settings → Sign on methods → SAML 2.0 and copy the Metadata URL. Okta admin console SAML 2.0 metadata URL
9

Replace the Placeholder Metadata XML

  1. Return to the identity provider form in the Fiddler AuthN console (where you left off in step 4 — Add and Configure New SAML Provider).
  2. Clear the Metadata XML text area.
  3. Paste the Metadata URL copied from Okta into the Metadata URL text box. Fiddler AuthN console Metadata URL
10

Configure Additional Parameters

  1. Expand the optional section.
  2. Ensure the Automatic create and Automatic update checkboxes are selected.
  3. Set the Determines whether an identity will be prompted to be linked to an existing account dropdown to Check for existing Username. Fiddler AuthN console automatic create/update and check existing username settings
11

Save the Configuration Changes

Select the Save button. You will be returned to the Organization Settings page.Fiddler AuthN console with newly created Okta SAML IdP
12

Activate the Okta SAML IdP

  1. Select your IdP from the list and select the Activate button on the identity provider page. Fiddler AuthN console activate new Okta SAML IdP
  2. Close the settings and then select Login Behavior and Security from the left nav menu and ensure the External login allowed checkbox is selected. Fiddler AuthN console allow external login behavior
  3. Select the Save button. Fiddler AuthN console external login allowed
13

Create a Custom Action

Select the Actions tab from the top menu.Fiddler AuthN console new custom Action script
  1. Select the New button in the Scripts section to create a new action script.
  2. Copy the Okta SAML Action Script below and paste it into the script text area.
  3. Enter setAttributesOnOktaSAMLAuth in the Name text box.
  4. Select the Add button.
File: Okta SAML Action Script
function setAttributesOnOktaSAMLAuth(ctx, api) {
    let firstName = ctx.v1.providerInfo.attributes["firstName"];
    let lastName = ctx.v1.providerInfo.attributes["lastName"];
    let email = ctx.v1.providerInfo.attributes["email"];
    let groups = ctx.v1.providerInfo.attributes["groups"];

    let nameParts = [firstName, lastName];
    let filteredParts = nameParts.filter(part => part);
    let displayName = filteredParts.join(' ');

    if (firstName != undefined) {
      api.setFirstName(firstName);
    }
    if (lastName != undefined) {
      api.setLastName(lastName);
    }
    if (email != undefined) {
      email = String(email).toLowerCase();
      api.setEmail(email);
      api.setEmailVerified(true);
      api.setPreferredUsername(email);
    }
    if (displayName) {
      api.setDisplayName(displayName);
    }

    api.v1.user.appendMetadata('fiddler_authentication_type', 'SSO:OKTA:SAML');
    if (groups === null || groups === undefined){
      groups = []
    }
    api.v1.user.appendMetadata('fiddler_groups', groups);
}
14

Configure the Action Trigger

Scroll down to the Flows section.Fiddler AuthN console new Action trigger creation
  1. Select the External Authentication option for the Flow Type dropdown.
  2. Select the + Add trigger button.
  3. Select the Post Authentication option for the Trigger Type dropdown.
  4. Select the setAttributesOnOktaSAMLAuth option for the Actions dropdown.
  5. Select the Save button.
15

Set the Organization SSO Authentication Type

Add an organization metadata key so Fiddler can correctly identify and process this SSO connection. Set this once during setup.
  1. Go to the Metadata section and select Edit. Fiddler AuthN console organization metadata section
  2. Select the Add button, then enter the key fiddler_sso_authentication_type with the value SSO:OKTA:SAML. Fiddler AuthN console organization metadata with Okta SAML authentication type
  3. Select the Save button next to the new entry.
16

Validate the Integration

Before validating, ensure your Okta user account is assigned to the new Okta application you created.
  1. Open your Fiddler URL (e.g. https://idpexample.dev.fiddler.ai).
  2. Ensure you see the Fiddler sign-in page and that it displays an SSO login button labeled with the name you configured (e.g. Okta SAML). Fiddler application homepage displaying the new SSO login method in addition to the email sign-in form
  3. Select the button and confirm that the Fiddler application loads. Fiddler application landing page
The first user to sign in to the Fiddler application is automatically assigned the Fiddler Org Admin role; subsequent members are Org Members by default.

Getting Help

If sign-in fails, check the Okta System Log (Reports → System Log) for the failed attempt and its reason. For Fiddler-side issues, see the SSO Authentication Guide. If the issue persists, contact your Fiddler representative with the specific error message.

Important Notes

  • Data Storage: Fiddler stores the following profile attributes from Okta: first name, last name, display name, email address, and group memberships (used to map users to Fiddler teams).
  • API Access: For programmatic API access, users create an API key from the Credentials tab in Fiddler’s Settings page.
  • Single Authentication Method: Users can only authenticate via either SSO or email authentication, not both.

Next Steps

After successful integration:
  • Train Users: Provide guidance on accessing Fiddler through Okta SSO.
  • Configure Teams: Map your identity provider groups to Fiddler teams — see Mapping AD Groups to Fiddler Teams.
  • Test Group Sync: Verify automatic group synchronization is working as expected.
  • Monitor Usage: Review authentication logs and user access patterns.