Have an Okta account with application creation right
Cloudi-Fi administrator account
SAML module activated in your Cloudi-Fi settings
1) Get your Cloudi-Fi Company Key
A trust must be establish between Cloudi-Fi and Okta to allow authentication.
To setup this trust, you have to provide to Okla your Cloudi-Fi Company Key.
In Cloudi-Fi admin portal, go to Settings and note your Company Key
2) Okta service configuration
Go to your Okta portal and switch in "Classic UI" mode.
Go to Application section, add a new application.
Click on "Create a new Application Integration"
Select SAML 2.0
In General Settings page:
App name : Cloudi-Fi
and click on Next
In Configure SAML page :
Single sign on URL : add the Cloudi-Fi SAML URL and replace <companyKey> with your Cloudi-Fi Company Key
Configure the rest of the fields as described on below screenshots :
Once Cloudi-Fi application created on Okta, click on the button "View Setup Instructions" to retrieve technical informations to be configured on Cloudi-Fi portal.
Here are needed informations:
Identity Provider Single Sign-On URL or <idpSSOUrl>
Identity Provider Issuer or <idpIssuer>
X.509 Certificate or <idpCert>
Nota: for the certicate, keep only the text between the markers "Begin Certificate" and "End certificate", and copy this text on a unique line (see example below)
3) Cloudi-Fi configuration
In Cloudi-Fi admin portal, go to Settings > Authentication module settings and select SAML
Fill out the form as described below with details previously retrieved on Okla :
IdP EntityId = <idpIssuer>
Binding Method = POST
IdP Endpoint = <idpSSOUrl>
Logout Binding Method = POST
Logout Endpoint = <idpSSOUrl>
IdP Signing Certificate = <idpCert>
Email attribute name = mail
Finally, click on Save
Once done, you will have to activate the SAML authentication on your captive portal.
Please contact our team at firstname.lastname@example.org to make the necessary changes to your captive portal or consult the articles available in our online help https://help.cloudi-fi.net/