Configure Okta as your identity provider (IdP) for logging into OneCloud.
We recommend manually setting up an application in Okta in order to configure your company’s SSO connection with OneCloud.
Log in to your Okta organization and access the classic UI in order to create a SAML application:
From here, click “Applications” and then click “Add Application”.
When adding an application, select “SAML 2.0” as your sign-on method and click “Create”. When inside the app, we recommend you name the app OneCloud and use the following logo that we’ve formatted for use in Okta:
When you’ve finished with the general settings, click “Next” and you will be taken to the “Configure SAML” section. From here, fill out the fields as follows:
NOTE: Some of these fields are only visible after clicking “Show Advanced Settings”. Okta should pre-populate them with the values listed below, but double-check each one to confirm.
- Single Sign-On URL: https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN (NOTE: Your company token is available in the admin SAML page. See our SSO documentation for more details. This URL will also be used in ‘Recipient URL’ and the ‘Destination URL’).
- Recipient URL: https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN (or check the box for “Use this for Recipient URL and Destination URL” in Okta)
- Destination URL: https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN (or check the box for “Use this for Recipient URL and Destination URL” in Okta)
- Audience URI (SP Entity ID): https://app.onecloud.io/saml/metadata.xml
- Default Relay State:
- Name ID Format: EmailAddress
- Response: Signed
- Assertion Signature: Signed
- Signature Algorithm: RSA_SHA256
- Digest Algorithm: SHA256
- Assertion Encryption: Unencrypted
- authnContextClassRef: PasswordProtectedTransport
- Honor Force Authentication: Yes
- SAML Issuer ID: http://www.okta.com/OKTA_ENTITY_ID
- To enable single logout, check the “Enable Single Logout” box. New fields should appear below:
  - Single Logout URL: https://app.onecloud.io/saml/logout/COMPANY_SAML_TOKEN
  - SP Issuer: https://app.onecloud.io/saml/metadata.xml (same as SP Entity ID above)
  - Signature Certificate: LEAVE BLANK
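The settings above determine what the SAML Response that Okta posts to the ACS URL looks like. The following Python script is an added example (not OneCloud's or Okta's code) that checks a SAML Response against that checklist: destination, recipient and audience match the OneCloud URLs, the response and the assertion are both signed with RSA-SHA256 / SHA256, the assertion is unencrypted, the NameID format is email, and the AuthnContextClassRef is PasswordProtectedTransport. The embedded response is constructed for illustration and uses the page's COMPANY_SAML_TOKEN and OKTA_ENTITY_ID placeholders; it checks the advertised algorithms and addresses only and does not verify the XML signature itself, which belongs to your SAML library.

```python
"""Check a SAML Response against the Okta settings listed above (added example)."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Values from the checklist above (placeholders kept as on the page)
ACS_URL = "https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN"
SP_ENTITY_ID = "https://app.onecloud.io/saml/metadata.xml"
IDP_ISSUER = "http://www.okta.com/OKTA_ENTITY_ID"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed sample response (not a real Okta capture); signature values omitted
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN">
  <saml:Issuer>http://www.okta.com/OKTA_ENTITY_ID</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion>
    <saml:Issuer>http://www.okta.com/OKTA_ENTITY_ID</saml:Issuer>
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
    </ds:SignedInfo></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData
        Recipient="https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://app.onecloud.io/saml/metadata.xml</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AuthnStatement><saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext></saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""


def _attr(node, path, attr):
    """Attribute of the first element matching path, or None if absent."""
    found = node.find(path, NS) if node is not None else None
    return found.get(attr) if found is not None else None


def check_response(xml_text):
    """Return a list of mismatches; an empty list means every setting checks out."""
    root = ET.fromstring(xml_text)
    problems = []

    def expect(name, actual, wanted):
        if actual != wanted:
            problems.append(f"{name}: got {actual!r}, expected {wanted!r}")

    expect("Destination", root.get("Destination"), ACS_URL)
    expect("Response Issuer", root.findtext("saml:Issuer", namespaces=NS), IDP_ISSUER)

    # "Assertion Encryption: Unencrypted" -> a plain Assertion must be present
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no Assertion element")
        return problems

    # "Response: Signed" / "Assertion Signature: Signed" with RSA_SHA256 and SHA256
    for label, node in (("Response", root), ("Assertion", assertion)):
        signed_info = node.find("ds:Signature/ds:SignedInfo", NS)
        if signed_info is None:
            problems.append(f"{label} is not signed")
            continue
        expect(f"{label} SignatureMethod", _attr(signed_info, "ds:SignatureMethod", "Algorithm"), RSA_SHA256)
        expect(f"{label} DigestMethod", _attr(signed_info, "ds:Reference/ds:DigestMethod", "Algorithm"), SHA256)

    expect("Assertion Issuer", assertion.findtext("saml:Issuer", namespaces=NS), IDP_ISSUER)
    expect("NameID Format", _attr(assertion, "saml:Subject/saml:NameID", "Format"), EMAIL_FORMAT)
    expect("Recipient", _attr(assertion, "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", "Recipient"), ACS_URL)
    expect("Audience", assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS), SP_ENTITY_ID)
    expect("AuthnContextClassRef",
           assertion.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS), PPT)
    return problems


if __name__ == "__main__":
    for line in check_response(SAMPLE_RESPONSE) or ["all settings match"]:
        print(line)
```

Run it against a response captured from your own browser session (the base64-decoded SAMLResponse form field) after the Okta app is set up; any line it prints points at the Okta field that still differs from the checklist. A response that reports a SHA-1 signature method or a foreign Audience is the typical sign that the advanced settings were left at a value other than the one listed.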
OneCloud requires some basic attributes to be sent along with the SAML assertion. See the screenshot below for the required attributes:
Once completed, click “Next” and proceed to the final section. Select “I’m an Okta customer adding an internal app”. There are optional fields to provide feedback to Okta, but they are not required. When you are finished, click the “Finish” button. Your app is almost ready to go!
The final step toward integrating OneCloud with Okta is to get the metadata from the app and upload it to the OneCloud platform. When you’ve finished creating your app, go to the “Sign On” section of the application.
From here, you’ll need to click “Identity provider metadata” to download the metadata associated with your application. The downloaded file will be called “metadata”, and you’ll need to rename it with a .xml extension (i.e., “metadata.xml”) in order to upload it to OneCloud. See our Single Sign On (SSO) documentation for details on configuring your SAML app inside the OneCloud platform.
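Before uploading the renamed file, it is worth confirming that it really is well-formed IdP metadata with the pieces OneCloud will rely on. The Python script below is an added example (not OneCloud's or Okta's code) that renames a downloaded “metadata” file to “metadata.xml” and then reports its entityID, signing certificate count, NameID formats and SSO/SLO endpoints, flagging anything missing. The embedded metadata document and the EXAMPLE.okta.com / APP_ID endpoint values are constructed placeholders; a real Okta download carries your org's own hostname, entityID and certificate.

```python
"""Rename and sanity-check an Okta IdP metadata download (added example)."""
import os
import tempfile
import xml.etree.ElementTree as ET

MD_NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample, shaped like an Okta IdP metadata file; certificate body is a placeholder
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://www.okta.com/OKTA_ENTITY_ID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC_PLACEHOLDER_CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://EXAMPLE.okta.com/app/APP_ID/sso/saml"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://EXAMPLE.okta.com/app/APP_ID/slo/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_metadata(xml_text):
    """Extract the fields OneCloud needs from IdP metadata and list anything missing."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    summary = {
        "entity_id": root.get("entityID"),
        "signing_certs": 0,
        "name_id_formats": [],
        "sso_post_url": None,
        "slo_post_url": None,
        "problems": [],
    }
    if idp is None:
        summary["problems"].append("no IDPSSODescriptor: this is not IdP metadata")
        return summary
    # Certificates under use="signing" (or with no use attribute) verify Okta's signatures
    for kd in idp.findall("md:KeyDescriptor", MD_NS):
        if kd.get("use") in (None, "signing") and kd.find(".//ds:X509Certificate", MD_NS) is not None:
            summary["signing_certs"] += 1
    summary["name_id_formats"] = [f.text for f in idp.findall("md:NameIDFormat", MD_NS)]
    for tag, key in (("md:SingleSignOnService", "sso_post_url"), ("md:SingleLogoutService", "slo_post_url")):
        for svc in idp.findall(tag, MD_NS):
            if svc.get("Binding") == HTTP_POST:
                summary[key] = svc.get("Location")
    if not summary["entity_id"]:
        summary["problems"].append("missing entityID (the SAML Issuer ID)")
    if summary["signing_certs"] == 0:
        summary["problems"].append("no signing certificate: signed responses cannot be verified")
    if summary["sso_post_url"] is None:
        summary["problems"].append("no HTTP-POST SingleSignOnService endpoint")
    if summary["slo_post_url"] is None:
        summary["problems"].append("no SingleLogoutService endpoint (fine if single logout is disabled)")
    return summary


def stage_metadata(download_path):
    """Rename a downloaded 'metadata' file to metadata.xml and return its summary."""
    path = download_path
    if not path.lower().endswith(".xml"):
        path = download_path + ".xml"
        os.replace(download_path, path)
    with open(path, encoding="utf-8") as fh:
        summary = summarize_metadata(fh.read())
    summary["path"] = path
    return summary


def demo():
    """Write the constructed sample as a bare 'metadata' file and stage it."""
    workdir = tempfile.mkdtemp()
    download = os.path.join(workdir, "metadata")
    with open(download, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_METADATA)
    return stage_metadata(download)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run `stage_metadata("/path/to/metadata")` on the real download; the printed entity_id should match the SAML Issuer ID shown in Okta, and an empty problems list means the file is ready for the upload step described in the SSO documentation.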