Single Sign-On with Okta

Set up Single Sign-On with Okta

Step 1: Set the Base URL

  1. In the CloudQuery Platform sidebar, click on your user profile, then select Admin Settings.

  2. Switch to the Single Sign-On tab.

  3. In the Base URL field, enter the HTTPS URL for your platform installation and click Submit.

    • This should be the domain or subdomain where you host CloudQuery Platform, e.g., https://cloudquery.example.com.

Configuring the platform base URL in CloudQuery

Step 2: Create a SAML Application in Okta

  1. In a new tab, log in to your Okta Admin Console.

  2. Navigate to Applications → Applications.

  3. Click Create App Integration.

  4. Select SAML 2.0 as the sign-in method and click Next.

Creating a new SAML 2.0 application

Step 3: Configure SAML Settings

In the General Settings section, enter CloudQuery as the App name, optionally upload a logo, and click Next.

CloudQuery application details

Under SAML Settings, enter the following:

  • Single sign-on URL (ACS URL): Copy this value from the CloudQuery Admin panel.

  • Audience URI (Entity ID): Copy this value from the CloudQuery Admin panel.

  • Name ID Format: Select EmailAddress.

SAML settings with values coming from CloudQuery SSO page

Scroll down to Attribute Statements and add the following:

  • first_name → user.firstName

  • last_name → user.lastName

  • email → user.email

Mapping CQ attributes with Okta attributes

Then click Next.

Step 4: Assign Users and Groups

  1. In the Assignments section, select Skip group assignment for now or assign users as needed.

  2. Click Finish.

  3. Navigate to the Assignments tab of the CloudQuery application in Okta.

  4. Click Assign → Assign to People or Assign to Groups and select users or groups.

Step 5: Configure Metadata and Sign-Out URL

In the newly created application, go to the Sign On tab.

Then, under Settings, find the Identity Provider metadata link and copy the Metadata URL.

Metadata URL and Sign out URL values to be copied

Once done, head back to the CloudQuery Admin panel and enter the Metadata URL instead of uploading an XML file. Then locate the Sign-Out URL in Okta and copy it.

In the CloudQuery Admin panel, enter the Sign-Out URL to ensure proper logout functionality.

Configuration of Metadata URL and Sign out URL

Step 6: Enable and Test SSO

  1. In the CloudQuery Admin panel, click Save and enable.

  2. In the Okta Admin Console, click Sign On → Test Sign In.

  3. If everything is set up correctly, you should be logged into CloudQuery Platform using your Okta credentials.
