Prerequisites :

  • Have an Okta account with application creation right

  • Cloudi-Fi administrator account 

  • SAML module activated in your Cloudi-Fi settings

 1) Get your Cloudi-Fi Company Key

A trust must be establish between Cloudi-Fi and Okta to allow authentication.
To setup this trust, you have to provide to Okla your Cloudi-Fi Company Key.
In Cloudi-Fi admin portal, go to Settings and note your Company Key

2) Okta service configuration

  • Go to your Okta portal and switch in "Classic UI" mode.

  • Go to Application section, add a new application.

  • Click on "Create a new Application Integration

  • Select SAML 2.0

In General Settings page:

  • App name : Cloudi-Fi 

  • and click on Next  

In Configure SAML page :

  • Single sign on URL : add the Cloudi-Fi SAML URL and replace <companyKey> with your Cloudi-Fi Company Key

https://login.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/<companyKey>
  • Configure the rest of the fields as described on below screenshots :

Once Cloudi-Fi application created on Okta, click on the button "View Setup Instructions" to retrieve technical informations to be configured on Cloudi-Fi portal.
Here are needed informations:

  • Identity Provider Single Sign-On URL or <idpSSOUrl>

  • Identity Provider Issuer or <idpIssuer>

  • X.509 Certificate or <idpCert>

  • Nota: for the certicate, keep only the text between the markers "Begin Certificate" and "End certificate", and copy this text on a unique line (see example below)

 3) Cloudi-Fi configuration

In Cloudi-Fi admin portal, go to Settings > Authentication module settings and select SAML 

 
Fill out the form as described below with details previously retrieved on Okla : 

  • IdP EntityId = <idpIssuer>

  • Binding Method = POST

  • IdP Endpoint = <idpSSOUrl>

  • Logout Binding Method = POST

  • Logout Endpoint = <idpSSOUrl>

  • IdP Signing Certificate = <idpCert> 

  • Email attribute name = mail

Finally, click on Save 

Once done, you will have to activate the SAML authentication on your captive portal.
Please contact our team at creativelab@cloudi-fi.com  to make the necessary changes to your captive portal or consult the articles available in our online help https://help.cloudi-fi.net/

Did this answer your question?