Single Sign On (SSO) using Okta

Overview

Single sign-on (SSO) is an authentication scheme that enables users to use a single ID and password combination to log into multiple platforms, services, or systems.

Cloudchipr supports SSO and is compatible with any SAML 2.0-compliant SSO provider, including:

• Okta
• Microsoft Azure Active Directory

💡

This is a feature for enterprise customers and as such may not be available when you attempt to access it. If you would like access, please get in touch.

To enable SSO, it is necessary to have either an owner or admin role within your Cloudchipr organization.

Enable SSO for Cloudchipr using Okta

To configure SSO for Cloudchipr using Okta, follow these steps:

Create Application

1. In Okta, navigate to the Admin dashboard and click Applications.
2. On the Applications page, click Create App Integration.

3. In the modal that appears, select the SAML 2.0 radio button and click Next.

4. Enter a name for the app. For easier recognition, you can also upload a logo to go with it. Then click Next.

Create SAML Integration

5. Next, you'll configure your SAML settings. Copy the Single sign-on URL and Audience URI (SP Entity ID) from Cloudchipr, and paste them into the matching fields in Okta.

You can find the Single sign-on URL and the Audience URL (Entity ID) in Cloudchipr, under  > ⚙️ Settings > Account Security & SSO > Enable Okta

6. Add Attribute Statements (This helps to map necessary Okta values to Cloudchipr application)

   1. organization_id can be found in Cloudchipr UI, in the Settings → Account Security section when you hit Enable in Okta, you can see your Organization ID

      Name	Name format	Value
      email_verified	Unspecified	true
      role	Unspecified	appuser.role
      group_role	Unspecified	appuser.group_role

   It should look like below:

   

7. Select Next

8. Choose the following options:

9. Click on Finish

Setup per user custom attributes

1. In the Admin Console, go to Directory > Profile Editor.
2. Choose your application.
3. Click Add Attribute
4. Fill in the following fields on the opened page
   1. Data type: choose string
   2. Displal name: Role
   3. Variable name: role
   4. Attribute members: Ensure you use the exact values listed in the table below

5. Click Save

It should appear as below.

Setup per Group custom attributes

1. Click Add Attribute again to add Group custom attributes
2. Fill in the following fields on the opened page
   1. Data type: choose string
   2. Displal name: Group Role
   3. Variable name: group_role
   4. Attribute members: Ensure you use the exact values listed in the table below
   5. Attribute Type: choose Group

Attribute members

5. Click Save

It should appear as below.

Assign the necessary roles to users

Within your Okta Application, assign the right roles to the users as in the example below:

Retrieve your SAML2.0 configurations from Okta and set in Cloudchipr.

1. In your Okta Application view, Go to the Sign On Tab

   

2. Scroll down and click View SAML Setup Instructions on the right side

   

3. Please ensure to gather and save the following two pieces of information from the instructions page:

   • Identity Provider Single Sign-On URL: This is the first entry on the page. You will need this URL later for authentication purposes when connecting to Cloudchipr with Okta.
   • IDP Metadata XML File: Navigate to the bottom of the page and locate the section titled "Provide the following IDP metadata to your SP provider". Here, you will find an XML file. Please copy this file as it is necessary for setup.

17. In the Cloudchipr UI, navigate to the "Enable Okta" section and insert the copied XML file into the XML Metadata field. Then, click on Enable to activate the integration.

After activation, a notification confirming a successful Okta connection will appear in the bottom right corner of the screen.

📘

All currently invited users will be deleted except the owner. Therefore, ensure you ask your Okta admin to re-invite them through Okta and inform them that authentication will be through Okta.