Okta
This page provides information on how to configure Cloud CMS Single Sign On (SSO) for Okta and SAML 2.0.
Cloud CMS provides Single Sign On (SSO) Enterprise support for a variety of Identity Providers using SAML 2.0 and/or JWT. For more information, see Cloud CMS Single Sign On (SSO).
You can learn more about Okta here:
https://www.okta.com
Set up Okta
In this section, we'll set up Single Sign On with Okta.
Log into the Okta Administration Console
Log in at https://{your-okta-domain}.okta.com
Then click Admin and go to Applications.
Create an Application
Create a new Application for "Cloud CMS"
Select Add Applications from the "Shortcuts" menu on the right, and then click the Create New App button.
You will see a form like this:
Select "Web" for "Platform" and "SAML 2.0" for "Sign on Method". Click Create.
Enter Cloud CMS for "App name". This is only an example. It can be any name you like.
Click Next
You will see the following form:
For "Single sign on URL", enter the Cloud CMS Assertion Consumer Service URL: https://{your-cloudcms-domain}.cloudcms.net/saml
Enter cloudcms for "Audience URI". Remember this value as it is required in the Cloud CMS SSO configuration in a future step. This value is only an example. It can be any name you like.
Click Next and Finish
From the "General" settings of the new "Application", copy the URL value under EMBED LINK. You will need this URL in the Set up Cloud CMS step below.
From "SAML Signing Certificates" download a certificate. Use this for the Certificate in the Set up Cloud CMS step below.
Mappings
To have custom user properties map to your Cloud CMS users, you'll want to configure the User Mappings for each property to map to a subproperty of the user object in the SAML response, like so:
For Cloud CMS to map groups from your Okta users, make sure to map all relevant group IDs to the groups property like this:
Add a User to the App
From the Admin console, select "Directory" and "People" from the top menu.
Select a user account and click the Assign Applications button.
A list of applications is displayed. It should now include "Cloud CMS".
Click the Assign button and then Done.
Set up Cloud CMS
In a new browser window, log into the Cloud CMS user interface. Click on Manage Platform and then pick SSO on the left-hand menu.
Select SAML 2.0 from the radio button list, and then fill out the form.
The following is required:
- The SAML URL should be the EMBED LINK value you copied from the Okta "Application" you created above.
- The SAML Issuer should match the Okta Application's Audience URI.
- Enter the PEM formatted certificate you downloaded from the Okta "Application" you created above into Certificate.
Save your changes and log out.
Verify it works
You can now verify that Cloud CMS is configured to use SAML 2.0:
- Log out of your current Cloud CMS account
- Log back in
- While logging in again, you will be redirected to Okta
- Log into Okta with your username and password.
- If the credentials match, you will be redirected back to Cloud CMS.
- Cloud CMS will automatically log you in and create your user if it doesn't yet exist.
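If the login round trip fails, the usual cause is a mismatch between the values entered in Okta and in the Cloud CMS SSO form. The following is an added example, not part of Cloud CMS or Okta: it checks a decoded SAML response (for instance one captured with a browser SAML tracing extension) against the Assertion Consumer Service URL and the SAML Issuer / Audience URI value from the steps above. The function name `check_response`, the domain `example.cloudcms.net` and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response, trimmed to the fields this check reads.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://example.cloudcms.net/saml">
  <saml:Assertion>
    <saml:Conditions NotBefore="2024-01-01T10:00:00.000Z"
                     NotOnOrAfter="2024-01-01T10:05:00.000Z">
      <saml:AudienceRestriction>
        <saml:Audience>cloudcms</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T10:00:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_response(xml_text, acs_url, saml_issuer, now):
    """List mismatches between a decoded SAML response and the configured values.

    Troubleshooting aid only: it does not verify the XML signature.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if saml_issuer not in audiences:
        problems.append(f"Audience {audiences} does not contain SAML Issuer {saml_issuer!r}")
    cond = root.find(".//saml:Conditions", NS)
    if cond is None:
        problems.append("Assertion has no Conditions element")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if (nb and now < _ts(nb)) or (noa and now >= _ts(noa)):
            problems.append("Assertion is outside its validity window (check clock skew)")
    return problems


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 10, 2, tzinfo=timezone.utc)  # inside the sample window
    print(check_response(SAMPLE_RESPONSE, "https://example.cloudcms.net/saml", "cloudcms", now))
```

An empty list means the three values line up; the signature check against the downloaded certificate is still performed by Cloud CMS, not by this script.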