Single Sign-On with Okta
Set up Single Sign-On with Okta
In the CloudQuery Platform sidebar, click on your user profile, then select Admin Settings.
Switch to the Single Sign-On tab.
In the Base URL field, enter the HTTPS URL for your platform installation and click Submit.
This should be the domain or subdomain where you host CloudQuery Platform, e.g., https://cloudquery.example.com.
In a new tab, log in to your Okta Admin Console.
Navigate to Applications → Applications.
Click Create App Integration.
Select SAML 2.0 as the sign-in method and click Next.
In the General Settings section, enter CloudQuery as the App name, optionally upload a logo, and click Next.
Under SAML Settings, enter the following:
Single sign-on URL (ACS URL): Copy this value from the CloudQuery Admin panel.
Audience URI (Entity ID): Copy this value from the CloudQuery Admin panel.
Name ID Format: Select EmailAddress.
Scroll down to Attribute Statements and add the following:
first_name → user.firstName
last_name → user.lastName
email → user.email
Then, click on Next.
In the Assignments section, select Skip group assignment for now or assign users as needed.
Click Finish.
Navigate to the Assignments tab of the CloudQuery application in Okta.
Click Assign → Assign to People or Assign to Groups and select users or groups.
In the newly created application, go to the Sign On tab.
Then, under Settings, find the Identity Provider metadata link and copy the Metadata URL.
Once done, head back to the CloudQuery Admin panel and enter the Metadata URL instead of uploading an XML file. Then, locate the Sign-Out URL in Okta and copy it.
In the CloudQuery Admin panel, enter the Sign-Out URL to ensure proper logout functionality.
In the CloudQuery Admin panel, click Save and enable.
In the Okta Admin Console, click Sign On → Test Sign In.
If everything is set up correctly, you should be logged into CloudQuery Platform using your Okta credentials.