Important: This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.
This article contains the following sections:
Supported Features
The Okta/Cloud Academy SAML integration currently supports the following features:
- SP-initiated SSO
For more information on the listed features, visit the Okta Glossary.
Configuration Steps
In Cloud Academy
Use the following steps to configure the integration. You must be logged in as an administrator to access the screens where you complete these steps.
- From the dashboard, click the building icon in the top toolbar.
The Management dashboard appears, open to the Organization page.
- Click the Settings icon in the left navigation menu.
The Settings & Integrations screen appears, open to the Company Details tab.
- Click the Integrations tab.
The Integrations tab appears.
- On the SSO card, click View Integration.
The SSO configuration screen appears.
- Click Start Configuring.
In the General Settings section, enter the following:
- SSO URL (Location): Sign into the Okta Admin Dashboard to generate this variable.
- Certificate: Sign into the Okta Admin Dashboard to generate this variable.
- Email domains: Enter your email domain(s).
In the SAML attributes mapping section, enter the following attributes:
- Permanent User ID:
permanent_id
- First name:
first_name
- Last name:
last_name
- E-mail:
In the Security Settings section:
- Select the Authentication Requests Signed? check box.
- Choose whether to select the Set SSO enforcement check box. If you select this check box, your team members must use their SSO credentials to log in. See How to Migrate Users to SSO for more information about the effects of this check box.
- Click Save and Test.
The Set up your Service Provider information window appears.
- Make a note of your Organization ID from the Post-back URL value. It’s the last part of the URL.
For example, if the value in the Post-back URL field is https://cloudacademy.auth0.com/login/callback?connection=sso-12345678, then your Organization ID is 12345678.
In Okta
Log in to your Okta Admin Dashboard to complete the following steps. Tip: You will need to return to Cloud Academy, so consider opening Okta in a separate tab.
- In Okta, select the Sign On tab for the CloudAcademy SAML app, then click Edit.
- Scroll down to Advanced Sign-on Settings.
- Enter your Organization ID (see the end of the previous procedure) into the corresponding field.
- Click Save.
- Assign a user who exists in CloudAcademy on the Assignments tab in Okta.
- Go back to CloudAcademy Settings and click Continue.
In Cloud Academy
Return to the Cloud Academy tab for the following steps:
- In the Set up your Service Provider information window, click Continue.
A test screen appears.
- Click Test SSO Connection.
If the configuration has problems, an error screen appears with information to help you identify the issue. Update your configuration and try the test again.
- Once the test is successful, click Save.
- From General Settings, make a note of your Subdomain URL value. Your users use this URL to log in to your account.
Notes
Since only the SP-initiated flow is supported, we recommend hiding the application icon for users and adding a Bookmark app. Follow the instructions here. Use the following Bookmark application configuration values:
- Application label: CloudAcademy
- URL: Enter the Subdomain URL value from the previous procedure.
The following SAML attributes are supported:
Name | Value |
first_name | user.firstName |
last_name | user.lastName |
permanent_id | user.id |
user.email |
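If Test SSO Connection fails, two things from this procedure are worth checking offline: the Organization ID taken from the Post-back URL, and whether the assertion Okta sends carries the mapped attributes. The following is an added example, not Cloud Academy or Okta code. It assumes the connection value always has the form sso-<Organization ID>, runs on a constructed sample assertion, and does not verify signatures.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names from this page's mapping; the e-mail attribute name is not
# given on the page, so it is deliberately not checked here.
REQUIRED = ("permanent_id", "first_name", "last_name")


def organization_id_from_postback(url):
    """Return the Organization ID: the part after 'sso-' in ?connection=."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise ValueError("Post-back URL must use https")
    values = parse_qs(parsed.query).get("connection", [])
    # Assumption: the connection value always has the form sso-<Organization ID>.
    if len(values) != 1 or not values[0].startswith("sso-") or values[0] == "sso-":
        raise ValueError("no single connection=sso-<id> parameter found")
    return values[0][len("sso-"):]


def missing_attributes(assertion_xml):
    """List required attributes that are absent or empty in the assertion."""
    root = ET.fromstring(assertion_xml)
    present = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        vals = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
        present[attr.get("Name")] = any(vals)
    return [name for name in REQUIRED if not present.get(name)]


# Constructed sample: an assertion where last_name is sent empty.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="permanent_id"><saml:AttributeValue>00u1example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    url = "https://cloudacademy.auth0.com/login/callback?connection=sso-12345678"
    print(organization_id_from_postback(url))   # Organization ID
    print(missing_attributes(SAMPLE))           # attributes to fix in Okta
```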
SP-initiated SSO
OPTION 1
Open the Subdomain URL value from the previous procedure.
OPTION 2
- Go to: https://cloudacademy.com/login/
- Enter your Email, then click Login.
- Click Login with SSO.
See the Log in with Company SSO section of the Logging in to Cloud Academy article for more information.