Skip to main content

Search

How can we help ?

SAML authentication for Guest internet access with Okta

Alexandre de THOMASSON
  • Updated
How to use Okta SAML authentication using the Cloudi-Fi captive portal admin interface.

                                                            

Prerequisites :

  • Have an Okta account with application creation rights.

  • Cloudi-Fi administrator account.

  • SAML module activated in your Cloudi-Fi settings.

 1) Get your Cloudi-Fi Company Key

Trust must be established between Cloudi-Fi and Okta to allow authentication.
To set up this trust, you must provide Okta with your Cloudi-Fi Company Key.
In the Cloudi-Fi admin portal, go to Settings and note your Company Key.

 

Screenshot 2023-07-20 at 2.06.08 PM.png

 

2) Okta service configuration

  • Go to your Okta portal and switch to "Classic UI" mode.

  • Go to the Application section, and add a new application.

  • Click on "Create a new Application Integration.

  • Select SAML 2.0

Screenshot 2023-07-28 at 10.25.40 AM.png

In the General Settings page:

  • App name: Cloudi-Fi 

  • and click on Next  

Screenshot 2023-07-28 at 10.26.18 AM.png

In Configure SAML page :

 

  • Single sign-on URL: add the Cloudi-Fi SAML URL and replace it with your Cloudi-Fi Company Key

https://login.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/<company_key>

  • Configure the rest of the fields as described below screenshots :

Screenshot 2023-07-28 at 10.28.18 AM.png
Screenshot 2023-07-28 at 10.28.35 AM.png

Once the Cloudi-Fi application is created on Okta, click "View SAML Setup Instructions" to retrieve technical information to be configured on the Cloudi-Fi portal.

Screenshot 2023-07-28 at 10.30.05 AM.png

Here are needed information:

  • Identity Provider Single Sign-On URL

  • Identity Provider Issuer

  • X.509 Certificate

640204d3389c2.png

 3) Cloudi-Fi configuration

In the Cloudi-Fi admin portal, go to Settings -> Auth Modes and select SAML. 

 

Screenshot 2023-07-28 at 10.40.58 AM.png

Fill out the form as described below with details previously retrieved on Okta : 

 

  • IdP EntityId = Identity Provider Issuer (Marked 2 in the previous screenshot)
  • Binding Method = POST
  • IdP Endpoint = Identity Provider Single Sign-On URL (Marked 1 in the previous screenshot)
  • Logout Binding Method = POST
  • Logout Endpoint =
  • IdP Signing Certificate = X.509 Certificate (Marked 3 in the previous screenshot) without "Begin Certificate" and "End certificate" markers
  • Email attribute name = mail

Finally, click on Save 

 

Once done, you must activate the SAML authentication on your captive portal.
Please contact our team (How to contact your support? ) to make the necessary changes to your captive portal or consult the articles available in our online help https://help.cloudi-fi.com/