Skip to main content

SAML authentication for Guest internet access with Okta

Alexandre de THOMASSON
  • Updated
How to use Okta SAML authentication using the Cloudi-Fi captive portal admin interface.

                                                            

Prerequisites :

  • Have an Okta account with application creation rights.

  • Cloudi-Fi administrator account.

  • SAML module activated in your Cloudi-Fi settings.

 1) Get your Cloudi-Fi Company Key

Trust must be established between Cloudi-Fi and Okta to allow authentication.
To set up this trust, you must provide Okla with your Cloudi-Fi Company Key.
In the Cloudi-Fi admin portal, go to Settings and note your Company Key.

 

 

2) Okta service configuration

  • Go to your Okta portal and switch to "Classic UI" mode.

  • Go to the Application section, and add a new application.

  • Click on "Create a new Application Integration.

  • Select SAML 2.0

In the General Settings page:

  • App name: Cloudi-Fi 

  • and click on Next  

In Configure SAML page :

 

  • Single sign-on URL : add the Cloudi-Fi SAML URL and replace it with your Cloudi-Fi Company Key

https://login.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/

  • Configure the rest of the fields as described below screenshots :

Once the Cloudi-Fi application is created on Okta, click "View Setup Instructions" to retrieve technical information to be configured on the Cloudi-Fi portal.
Here are needed information:

 

  • Identity Provider Single Sign-On URL or

  • Identity Provider Issuer or

  • X.509 Certificate or

  • Note: for the certificate, keep only the text between the markers "Begin Certificate" and "End certificate", and copy this text on a unique line (see example below)

 3) Cloudi-Fi configuration

In Cloudi-Fi admin portal, go to Settings Authentication module settings and select SAML. 

 

Fill out the form as described below with details previously retrieved on Okla : 

 

  • IdP EntityId =

  • Binding Method = POST

  • IdP Endpoint =

  • Logout Binding Method = POST

  • Logout Endpoint =

  • IdP Signing Certificate =  

  • Email attribute name = mail

Finally, click on Save 

 

Once done, you must activate the SAML authentication on your captive portal.
Please contact our team (How to contact your support? ) to make the necessary changes to your captive portal or consult the articles available in our online help https://help.cloudi-fi.com/

Related to

Related articles

Comments

0 comments