Here are step-by-step instructions for setting up SAML authentication for your Sponsors (in APAC, Australia) with Cloudi-Fi and Okta.
Use case
The following sections provide step-by-step instructions for setting up SAML authentication for your Sponsors (in APAC, Australia) with Cloudi-Fi and Okta.
Prerequisites
SAML URLs
- Navigate to the Cloudi-Fi Admin user interface (UI)
- Go to Configuration > Auth modes > Sponsor for China
- Collect the necessary information
Linkback URL
https://portal-cn.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/************
- ***** is your Cloudi-fi public key (Go to your Cloudi-fi Admin interface > Settings > Company Account)
Cloudi-Fi Entity ID
https://portal-cn.cloudi-fi.net/
1. Create your Okta SAML application
Go to your Okta portal and switch to Classic UI mode.
Go to the Application section, and add a new application.
Click on Create a new Application Integration.
Then, select SAML 2.0.
In the General Settings page, define your App name (for instance : Cloudi-Fi Guest SAML) and click on Next.
In the Configure SAML page :
- Linkback URL : https://portal-cn.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/<company_key>
  - To find your <company_key>, go to the Cloudi-fi Admin interface, navigate to "Settings", then "Company Account"
- Cloudi-Fi Entity ID : https://portal-cn.cloudi-fi.net/
- Name ID format : EmailAddress
- Application username : Email
- Update application username on : Create and update
- Attribute Statement
  - Name : mail
  - Value : user.email
In the Feedback page, click on Finish.
Once the Cloudi-Fi application is created on Okta, click View SAML Setup Instructions to retrieve technical information for configuring the Cloudi-Fi portal.
Here is the needed information :
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate
2. Cloudi-Fi configuration
To start step 2, make sure you have all of this information :

Attribute name (in Okta) | Attribute name (in Cloudi-Fi) | Details
Single sign-on URL | Linkback URL | https://portal-cn.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/sp-sponsor/<company_key>
SP Entity ID | Cloudi-Fi Entity ID | https://portal-cn.cloudi-fi.net/
Identity Provider Issuer | IdP EntityID | http://www.okta.com/*********
Identity Provider Single Sign-On URL | IdP Endpoint | https://******/app/****/*****/sso/saml
X.509 Certificate | IdP Signing Certificate (X.509, Base64) |
Attribute Statements / Name | Email address claims |
Navigate to the Cloudi-Fi Admin user interface (UI)
Access Configuration > Auth modes > Sponsor for China
Enter the required values into the respective fields
Fill out the form as described below with details previously retrieved on Okta :
- IdP EntityId : Identity Provider Issuer
- Binding Method : POST
- IdP Endpoint : Identity Provider Single Sign-On URL
- Logout Binding Method : POST
- IdP Signing Certificate : X.509 Certificate without "Begin Certificate" and "End certificate" markers
- Email attribute name : mail
Finally, click on Save
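As an added example (not code from Cloudi-Fi or Okta), the Python below takes the three values retrieved from Okta, strips the "Begin Certificate" / "End Certificate" markers and line breaks from the certificate as the form requires, sanity-checks the result, and returns the values to enter in the Sponsor for China form. The Okta hostname, app path, issuer id and certificate body are constructed placeholders.

```python
import base64
import re

# Values as copied from Okta's "View SAML Setup Instructions" page.
# These are constructed samples: hostname, app path and issuer id are
# placeholders, and the certificate body is a minimal DER SEQUENCE
# (not a real Okta signing certificate), just enough to exercise the checks.
OKTA_SETUP = {
    "Identity Provider Single Sign-On URL":
        "https://example.okta.com/app/exampleapp/exk000000000/sso/saml",
    "Identity Provider Issuer": "http://www.okta.com/exk000000000",
    "X.509 Certificate":
        "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n",
}

_PEM_MARKER = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")


def strip_certificate(pem_text: str) -> str:
    """Return only the base64 body, which is what the Cloudi-Fi form expects.

    Markers and all whitespace are removed, then the body is decoded to check
    it is valid base64 and starts with the DER SEQUENCE tag (0x30) that every
    X.509 certificate begins with; anything else raises ValueError.
    """
    body = "".join(_PEM_MARKER.sub("", pem_text).split())
    der = base64.b64decode(body, validate=True)  # raises ValueError on junk
    if not der or der[0] != 0x30:
        raise ValueError("decoded value is not a DER-encoded certificate")
    return body


def cloudifi_sponsor_fields(okta: dict) -> dict:
    """Map the Okta values onto the Cloudi-Fi 'Sponsor for China' form."""
    issuer = okta["Identity Provider Issuer"]
    sso_url = okta["Identity Provider Single Sign-On URL"]
    # Sanity checks against the value shapes shown in the table above.
    if not issuer.startswith("http://www.okta.com/"):
        raise ValueError("Identity Provider Issuer should be an Okta entity id")
    if not sso_url.startswith("https://") or not sso_url.endswith("/sso/saml"):
        raise ValueError("Single Sign-On URL should be an HTTPS .../sso/saml URL")
    return {
        "IdP EntityId": issuer,
        "Binding Method": "POST",
        "IdP Endpoint": sso_url,
        "Logout Binding Method": "POST",
        "IdP Signing Certificate": strip_certificate(okta["X.509 Certificate"]),
        "Email attribute name": "mail",
    }
```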
Troubleshooting
Okta error message
A Sponsor_administrator has access to the application and is redirected to the Okta authentication page. They enter their address and password and sign in, then they are redirected to an Okta error page.
Please replay the process, perform an HTTP capture (a Web Request capture in the web browser), and open a ticket with Cloudi-Fi support with the capture attached (see How to contact your support?).
What's Next ?
Congratulations on enabling SAML authentication with Okta for your Sponsor_administrators located in APAC, Australia.