
Okta SSO

Okta SSO provides a single, unified login experience for users to access multiple applications without re-entering their credentials for each service. This guide explains how to add Cloudaware as an external application in a customer-managed Okta.

Prerequisites

Ensure that you have the necessary permissions (super admin, org admin, app admin, or a custom role with required application permissions) to create applications in Okta.

Setup in Okta

  1. Sign in to the Okta Admin Console. Navigate to Applications -> Applications.

  2. Click Create App Integration. Select SAML 2.0 as the Sign-in method:

    Okta SSO - setup in Okta - sign-in method.png

    Click Next.

  3. Enter a name for the app:

    Okta SSO - setup in Okta - SAML - app name.png

    Click Next.

  4. Provide values for general SAML settings:

  • Single sign-on URL: https://<your_cloudaware_domain>.my.salesforce.com
    Keep the Use this for Recipient URL and Destination URL checkbox selected.

  • Audience URI (SP Entity ID): https://<your_cloudaware_domain>.my.salesforce.com

  • Default RelayState: for a better user experience, use https://<your_cloudaware_domain>.lightning.force.com/CA10UI/lca.app to ensure that users land on the CMDB main page.

  • Name ID format: EmailAddress

  • Application username: Okta username

  • Update application username on: Create and update

    Okta SSO - setup in Okta - SAML - general settings.png

  5. For JIT (Just-In-Time) user provisioning, add the following Attribute Statements:

  • User.Username: Cloudaware runs on top of the Salesforce platform, where usernames must be globally unique. Using an Okta expression to specify the username format is recommended. For example, for cloudaware-<user_email>: String.join("-", "cloudaware", user.email)

  • User.FirstName: user.firstName

  • User.LastName: user.lastName

  • User.ProfileId: select one of the Cloudaware Profiles, such as CloudAware Administrator, CloudAware User, etc. 

  • User.Email: user.email

  • User.IsActive (optional): If you have an automation that deactivates users in Cloudaware after a set period of inactivity (no logins), add this attribute statement and set it to true to ensure that a deactivated user is reactivated and able to log in.

    Okta SSO - setup in Okta - SAML - attribute statements.png

    Scroll down, click Next -> Finish.

  6. Open the ‘Assignments’ tab. Assign users/groups to the app:

    Okta SSO - setup in Okta - assign user and groups.png

  7. Open the ‘Sign On’ tab. Copy and save the Metadata URL for the next steps:

    Okta SSO - setup in Okta - save Metadata URL.png


    You can either use the URL directly or open it in a browser and save the page as XML. Both options are valid when setting up SSO in Cloudaware (see the next section).
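
The following check is an added example, not Cloudaware or Okta code: it compares a decoded SAML assertion from a test login with the general SAML settings and attribute statements configured above. The domain `acme`, the user, and the assertion built by `sample_assertion` are constructed placeholders, and the username rule assumes the guide's example format cloudaware-<user_email>.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SP_URL = "https://acme.my.salesforce.com"  # placeholder for <your_cloudaware_domain>
# Attribute statements from the guide; User.IsActive is optional, so not required here.
REQUIRED = ("User.Username", "User.FirstName", "User.LastName", "User.ProfileId", "User.Email")

def check_assertion(xml_text, sp_url):
    """Compare a decoded assertion with the guide's settings; return findings."""
    root = ET.fromstring(xml_text)
    findings = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID format is not EmailAddress")
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS)
    if audience.strip() != sp_url:
        findings.append(f"Audience {audience!r} is not the SP Entity ID")
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != sp_url:
        findings.append("Recipient does not match the single sign-on URL")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED:
        if not attrs.get(name):
            findings.append(f"missing or empty attribute {name}")
    # Username format from the guide's example expression: cloudaware-<user_email>
    email = attrs.get("User.Email")
    if email and attrs.get("User.Username") != f"cloudaware-{email}":
        findings.append("User.Username is not cloudaware-<user_email>")
    return findings

def sample_assertion(username, audience):
    """Constructed test assertion (not real Okta output); signature omitted."""
    values = {"User.Username": username, "User.FirstName": "Jane",
              "User.LastName": "Doe", "User.ProfileId": "CloudAware User",
              "User.Email": "jane@example.com"}
    attrs = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
                    "</saml:AttributeValue></saml:Attribute>" for k, v in values.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{EMAIL_FORMAT}">jane@example.com</saml:NameID>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{SP_URL}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
            f'{attrs}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    print(check_assertion(sample_assertion("jane@example.com", "https://wrong.example"), SP_URL))
```

The function checks configuration only; it does not validate the assertion's XML signature.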

Setup in Cloudaware

  1. Log in to Cloudaware → Setup.

    Okta SSO - setup in Cloudaware - setup.png

  2. Type Single in the Quick Find bar. Under Identity, select Single Sign-On Settings. Ensure that the SAML Enabled checkbox is checked.

    Okta SSO - setup in Cloudaware - SAML Enabled.png

    Otherwise, click Edit, check the box and save the changes.

    By default, the Federation ID required for SSO setup is case-sensitive. If required, make the setting case-insensitive by selecting the Make Federation ID case-insensitive checkbox:

    Okta SSO - setup in Cloudaware - Federation ID case sensitivity.png

  3. Create a new SSO setting using one of the options below:

    Option 1 – Metadata URL

    To use this option, first add the Okta Metadata URL domain to the Remote Site Settings:

    Type Remote in the Quick Find bar. Under Security, select Remote Site Settings -> New Remote Site.

    Okta SSO - setup in Cloudaware - Metadata URL - Remote Site Settings.png


    Set a name for the remote site and paste the Metadata URL:

    Okta SSO - setup in Cloudaware - Metadata URL - new Remote Site details.png

    Click Save.

    Go back to the Single Sign-On Settings page -> click New from Metadata URL.

    Okta SSO - setup in Cloudaware - Metadata URL - click New from Metadata URL.png


    Paste the Metadata URL and click Create.

    Option 2 – Metadata File (XML)

    On the Single Sign-On Settings page, click New from Metadata File.

    Okta SSO - setup in Cloudaware - Metadata File (XML) - click New from Metadata File.png


    Upload the XML file and click Create.

  4. Configure SAML Single Sign-On settings:

    - Set the SSO setting name and API name.
    - Choose SAML Identity Type.
    - If required, enable Just-in-time* User Provisioning and choose Standard for User Provisioning Type.
    *JIT requires selecting Assertion contains the Federation ID from the User Object as the SAML Identity Type.

    Okta SSO - setup in Cloudaware - SAML Single Sign-On Settings.png

    Click Save.

  5. Configure Okta as an authentication service:

    Type My domain in the Quick Find bar. Select My Domain. Scroll down to the Authentication Configuration section and click Edit.

    Select the checkbox near the name of the recently created SSO configuration (in this example, okta):

    Okta SSO - setup in Cloudaware - My domain - Authentication Configuration.png

    Click Save.
