Prerequisites :
-
Have an Okta account with application creation rights.
-
Cloudi-Fi administrator account.
-
SAML module activated in your Cloudi-Fi settings.
1) Get your Cloudi-Fi Company Key
Trust must be established between Cloudi-Fi and Okta to allow authentication.
To set up this trust, you must provide Okta with your Cloudi-Fi Company Key.
In the Cloudi-Fi admin portal, go to Settings and note your Company Key.
2) Okta service configuration
-
Go to your Okta portal and switch to "Classic UI" mode.
-
Go to the Application section, and add a new application.
-
Click on "Create a new Application Integration."
-
Select SAML 2.0
In the General Settings page:
-
App name: Cloudi-Fi
-
and click on Next
In Configure SAML page :
-
Single sign-on URL: add the Cloudi-Fi SAML URL and replace it with your Cloudi-Fi Company Key
https://login.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/<company_key>
-
Configure the rest of the fields as described below screenshots :
Once the Cloudi-Fi application is created on Okta, click "View SAML Setup Instructions" to retrieve technical information to be configured on the Cloudi-Fi portal.
Here are needed information:
-
Identity Provider Single Sign-On URL
-
Identity Provider Issuer
-
X.509 Certificate
3) Cloudi-Fi configuration
In the Cloudi-Fi admin portal, go to Settings -> Auth Modes and select SAML.
Fill out the form as described below with details previously retrieved on Okta :
- IdP EntityId = Identity Provider Issuer (Marked 2 in the previous screenshot)
- Binding Method = POST
- IdP Endpoint = Identity Provider Single Sign-On URL (Marked 1 in the previous screenshot)
- Logout Binding Method = POST
- Logout Endpoint =
- IdP Signing Certificate = X.509 Certificate (Marked 3 in the previous screenshot) without "Begin Certificate" and "End certificate" markers
- Email attribute name = mail
Finally, click on Save
Once done, you must activate the SAML authentication on your captive portal.
Please contact our team (How to contact your support? ) to make the necessary changes to your captive portal or consult the articles available in our online help https://help.cloudi-fi.com/