Documentation
Okta

Okta

Cube Cloud supports authenticating users through Okta, which is useful when you want your users to access Cube Cloud using single sign on. This guide will walk you through the steps of configuring SAML authentication in Cube Cloud with Okta. You must be an account administrator in your Okta organization to access the Admin Console and create a SAML integration.

Single sign-on with Okta is available in Cube Cloud on Enterprise and above (opens in a new tab) product tiers.

Enable SAML in Cube Cloud

First, we'll enable SAML 2.0 authentication in Cube Cloud. To do this, log in to Cube Cloud and

  1. Click your username from the top-right corner, then click Team & Security.

  2. On the Authentication & SSO tab, ensure SAML 2.0 is enabled:

Cube Cloud Team Authentication and SSO tab

Take note of the Single Sign On URL and Audience values here, as we will need them in the next step when we configure the SAML integration in Okta.

Create a SAML Integration in Okta

Next, we'll create a SAML app integration for Cube Cloud in Okta (opens in a new tab).

  1. Log in to your Okta organization as an administrator, then navigate to the Admin Console by clicking Admin in the top-right corner.

  2. Click Applications > Applications from the navigation on the left of the screen, then click Create App Integration, then select SAML 2.0 and click Next.

  1. Enter a name for your application and click Next. You can optionally upload a logo for the application, but this is not required.
  1. Enter the following values in the SAML Settings section:
NameDescription
Single sign on URLUse the Single Sign On URL value from Cube Cloud
Audience URI (SP Entity ID)Use the Audience value from Cube Cloud
  1. Scroll down to the Attribute Statements section and create the following entries:
NameName formatValue
emailBasicuser.email
nameBasicuser.firstName
  1. Click Next to go to the Feedback screen, fill in any necessary details and then Finish to complete the integration:

You should now see your new SAML app integration's details. Click the Sign On tab:

From under Settings > Sign on methods > SAML 2.0, click More details:

Take note of the Sign on URL, Issuer and Signing Certificate values, as we will need them in the next step.

Enable SAML in Cube Cloud

In this step, we'll finalise the configuration by entering the values from our SAML integration in Okta into Cube Cloud.

  1. From the same Authentication & SSO > SAML 2.0 tab, click the Advanced Settings tab:
  1. Enter the following values in the SAML Settings section:
NameDescription
IdP Issuer (IdP Entity ID)Use the Issuer value from Okta
Identity Provider Login URLUse the Sign on URL value from Okta
CertificateUse the Signing Certificate value from Okta
  1. Scroll down and click Save SAML 2.0 Settings to save the changes.

Log in with Okta

The last step is to start using SAML authentication. To do this, use the following instructions:

  1. Click your username from the top-right corner, then click Team & Security.

  2. On the Authentication & SSO tab, scroll down to SAML 2.0 and copy the Single Sign On URL value:

Cube Cloud Team Authentication and SSO tab
  1. Open a new browser tab and paste the Single Sign On URL value into the address bar, then press Enter. You should be redirected to Okta to log in, and after a successful login, you should be redirected back to Cube Cloud.