Okta

This page provides information on how to configure Cloud CMS Single Sign On (SSO) for Okta and SAML 2.0.

Cloud CMS provides Single Sign On (SSO) Enterprise support for a variety of Identity Providers using SAML 2.0 and/or JWT. For more information, see Cloud CMS Single Sign On (SSO).

You can learn more about Okta here:

https://www.okta.com

Set up Okta

In this section, we'll set up Single Sign On with Okta.

Log into the Okta Administration Console

Log in at https://{your-okta-domain}.okta.com and click Admin.

Create an Application

Create a new Application for "Cloud CMS"

Select Add Applications from the "Shortcuts" menu on the right, and then click the Create New App button.

You will see a form like this:

Select "Web" for "Platform" and "SAML 2.0" for "Sign on Method". Click Create.

Enter Cloud CMS for "App name". This is only an example. It can be any name you like.

Click Next

You will see the following form:

For "Single sign on URL", enter the Cloud CMS Assertion Consumer Service URL: https://{your-cloudcms-domain}.cloudcms.net/saml

Enter cloudcms for "Audience URI". Remember this value as it is required in the Cloud CMS SSO configuration in a future step. This value is only an example. It can be any name you like.

Click Next and Finish

From the "General" settings of the new "Application", copy the URL value under EMBED LINK. You will need this URL in the Set up Cloud CMS step below.

From "SAML Signing Certificates" download a certificate. Use this for the Certificate in the Set up Cloud CMS step below.

Add a User to the App

From the Admin console, select "Directory" and "People" from the top menu.

Select a user account and click the Assign Applications button.

A list of applications is displayed. It should now include "Cloud CMS".

Click the Assign button and then Done.

Set up Cloud CMS

In a new browser window, log into the Cloud CMS user interface. Click on Manage Platform and then pick SSO on the left-hand menu.

Select SAML 2.0 from the radio button list, and then fill out the form.

The following is required:

  1. The SAML URL should be the EMBED LINK value you copied from the Okta "Application" you created above.

  2. The SAML Issuer should match the Okta Application's Audience URI.

  3. Enter the PEM formatted certificate you downloaded from the Okta "Application" you created above into Certificate.
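
Before saving, the three values can be sanity-checked locally. The following is an added example, not Cloud CMS or Okta code: the function name, the sample URL and the sample certificate bytes are constructed for illustration, and it assumes the EMBED LINK is served from your Okta domain.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"\A\s*-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)"
                    r"\s*-----END CERTIFICATE-----\s*\Z")

# Constructed stand-in bytes, NOT a real certificate: just enough to exercise the checks.
SAMPLE_DER = b"\x30\x0a" + b"\x02\x01\x01" * 3 + b"\x00"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

def check_sso_settings(saml_url, saml_issuer, certificate_pem, okta_host, audience_uri):
    """Return (problems, sha256_fingerprint) for the three SSO form values."""
    problems = []
    url = urlsplit(saml_url)
    if url.scheme != "https":
        problems.append("SAML URL must use https")
    if (url.hostname or "").lower() != okta_host.lower():
        problems.append("SAML URL host is not the expected Okta domain")
    # Compared exactly here, so stray whitespace or a case difference is reported.
    if saml_issuer != audience_uri:
        problems.append("SAML Issuer does not match the Okta Audience URI")
    fingerprint = None
    match = PEM_RE.match(certificate_pem)
    if not match:
        problems.append("Certificate is not a single PEM CERTIFICATE block")
    else:
        try:
            der = base64.b64decode("".join(match.group(1).split()), validate=True)
        except binascii.Error:
            problems.append("Certificate body is not valid base64")
        else:
            # Shallow check only: DER certificates start with a SEQUENCE tag (0x30).
            if not der.startswith(b"\x30"):
                problems.append("Certificate does not decode to a DER SEQUENCE")
            else:
                fingerprint = hashlib.sha256(der).hexdigest()
    return problems, fingerprint

if __name__ == "__main__":
    # Constructed sample values; replace with the ones copied from Okta.
    print(check_sso_settings("https://example.okta.com/home/app/placeholder",
                             "cloudcms", SAMPLE_PEM, "example.okta.com", "cloudcms"))
```

Keep the returned fingerprint with your change record so the stored certificate can be compared against a fresh download when the signing certificate is rotated.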

Save your changes and log out.

Verify it works

You can now verify that Cloud CMS is configured to use SAML 2.0:

  • Log out of your current Cloud CMS account.
  • Log back in.
  • While logging in again, you will be redirected to Okta.
  • Log into Okta with your username and password.
  • If the credentials match, you will be redirected back to Cloud CMS.
  • Cloud CMS will automatically log you in and create your user if it doesn't yet exist.