Configure SAML using Okta

To enable Cloud Rewind single sign-on (SSO) using Okta:

Step 1: Configure SSO (SAML) integration with Okta

  1. In Cloud Rewind, go to IAM > Authentication > SAML ENABLE and enable Enable Single Sign-On.

    For the next steps you'll need the two ID values under Service provider details, so copy them to a text file.

  2. In your organizational Okta account, create an app integration for Cloud Rewind.

    Configure the fields as follows:

    • Single Sign-On URL: The ACS ID that you copied from Cloud Rewind.

    • Audience URI: The Entity ID that you copied from Cloud Rewind.

    • Name ID format: Email address

    • Application username format: OKTA username

    • Update application username on: Create and update

    And under Advanced Settings, configure:

    • Attribute Statements:

      • Name: email (all lower case)

      • Name format: Basic

      • Value: user.email

    • Optionally, Group Attribute Statements

    Make sure to save the configuration.

  3. Back in the Cloud Rewind SAML settings, under Configure identity provider details, configure the following fields with data from the Okta Cloud Rewind application:

    • Entity ID: Issuer Value

    • ACL URL: Sign-on URL

    • Certificate: Download the certificate from the Okta Cloud Rewind application (Sign On tab > SAML Signing Certificates), open it in a text editor, copy its content, and paste it here.

  4. Configure:

    • Default role assignment: Initial Cloud Rewind permissions role for new users

      Note

      This configuration does not change roles for existing users.

    • To make SSO required, preventing access by users managed directly in Cloud Rewind, disable Grant access using Cloud Rewind credentials.

  5. Click Configure.

Step 2: Configure SCIM integration with Okta (optional)

To enable user provisioning from Okta to Cloud Rewind, configure SCIM integration (see also Okta documentation):

  1. In Cloud Rewind, go to IAM > Authentication > SCIM Provisioning ENABLE and enable SCIM Provision.

    You'll need the following for next steps:

    • Copy the Base URL to a text file.

    • Under SCIM Token provide a Token Name and click GENERATE. Copy the produced token to a text file.

    Click Configure.

  2. In Okta, in the Cloud Rewind app integration go to General > Edit and select Provisioning > SCIM. Save the configuration.

  3. Go to Provisioning > Settings > Integration > Edit, and configure:

    • SCIM connector base URL: Paste the Base URL that you copied from Cloud Rewind.

    • Unique identifier field for users: email

    • Supported provisioning actions: Select (only these are currently supported):

      • Push New Users

      • Push Profile Updates

    • Authentication Mode: Select HTTP Header, and in Authentication paste the SCIM token that you copied from Cloud Rewind.

  4. To validate the configuration, click Test Connector Configuration.

    Save.

  5. Go to Provisioning > Settings > To App > Edit, and select:

    • Create Users

    • Update User Attributes

    • Deactivate Users

    Save.
