Set up your app in Okta
We recommend manually setting up an application in Okta in order to configure your company’s SSO connection with OneCloud.
- Log in to your Okta organization and access the classic UI in order to create a SAML application.
- From here, click Applications > Add Application.
- When adding an application, select SAML 2.0 as your sign-on method and click Create.
When inside the app, we recommend you name the app OneCloud and use the following logo:
Configure SAML
When you’ve finished with the general settings, click Next and you will be taken to the “Configure SAML” section. Make note of the following before you start:
- Some of the fields shown here are available in the “Show Advanced” section. Okta should default these values to the values we have chosen below, but double-check to confirm.
- Your company token is available in the admin SAML page. See our SSO docOneCloud Single Sign-On (SSO)umentation for more details. This URL will also be used in Recipient URL and the Destination URL.
From here, fill out the fields as follows:
-
Single Sign-On URL: https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN
-
Recipient URL: https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN
-
Or check the box “Use this for Recipient URL and Destination URL” in Okta
-
-
Destination URL: https://app.onecloud.io/saml/consume/COMPANY_SAML_TOKEN
-
Or check the box “Use this for Recipient URL and Destination URL” in Okta
-
-
Audience URI (SP Entity ID): https://app.onecloud.io/saml/metadata.xml
-
Default Relay State:
-
Name ID Format: EmailAddress
-
Response: Signed
-
Assertion Signature: Signed
-
Signature Algorithm: RSA_SHA256
-
Digest Algorithm: SHA256
-
Assertion Encryption: Unencrypted
-
authnContextClassRef: PasswordProtectedTransport
-
Honor Force Authentication: Yes
-
SAML Issuer ID: http://www.okta.com/OKTA_ENTITY_ID
Single Logout
To enable single logout, check the “Enable Single Logout” box. New fields should appear below:
-
-
Single Logout URL: https://app.onecloud.io/saml/logout/COMPANY_SAML_TOKEN
-
SP Issuer: https://app.onecloud.io/saml/metadata.xml (same as SP Entity ID above)
-
Signature Certificate: LEAVE BLANK
-
Attributes Statements
OneCloud requires some basic attributes to be sent along with the SAML assertion. See the screenshot below for the required attributes:
Once completed:
-
Click Next and proceed to the final section.
-
Select I’m an Okta customer adding an internal app.
-
There are optional fields to provide feedback to Okta, but they are not required.
-
-
When finished, click the Finish button. Your app is almost ready to go!
Final steps
The final step toward integrating OneCloud with Okta is to get the metadata from the app and upload it to the OneCloud platform. When you’ve finished creating your app, go to the “Sign On” section of the application.
From here, you’ll need to click Identity provider metadata to download the metadata associated with your application. This file will be called “metadata” and you’ll need to rename it with a .xml extension (i.e., “metadata.xml”) in order to upload to OneCloud. See our Single Sign On (SSO) documentation for details on configuring your SAML app inside the OneCloud platform.