SAML 2.0 Configuration

Jul 26, 2024

Supported Features

The Okta/CloudSaver – Tag Manager SAML integration currently supports the following features:

  • IDP-Initiated SSO
  • SP-Initiated SSO
  • SLO
  • JIT (Jist-In-Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

IDP-Initiated SSO

1. In the Okta Admin console, go to Applications > Applications and click Browse App Catalog.

SAML IDP SSO 1

2. Enter “CloudSaver” on the search box and select CloudSaver – Tag Manager tile.

SAML IDP SSO 2

3. Click Add Integration to start configuring.

SAML IDP SSO 3

4. Under General Settings, verify that the application name is correct and click Done.

SAML IDP SSO 4

5. In CloudSaver, go to Settings > Single Sign-On.

SAML IDP SSO 5

6. Click Set Up SSO and the Configure Single Sign-On page will be displayed.

SAML IDP SSO 6

7. In Configure Single-Sign On page, enter “Okta” as Identity Provider.

SAML IDP SSO 7

8. Under SAML Identity Provider Configuration, download the PEM Certificate.

SAML IDP SSO 8

9. Back on the Okta Application details page, make sure the Sign On tab is selected and click Edit.

SAML IDP SSO 9

10. Scroll to Encryption Certificate field and upload the CloudSaver certificate.

SAML IDP SSO 10

11. Expand the More Details section.

SAML IDP SSO 11

12. Download the Signing Certificate.

SAML IDP SSO 12

13. Back to CloudSaver Configure Single-Sign On page, under X509 Singing Certificate, select the downloaded certificate.

SAML IDP SSO 13

14. Under SAML Identity Provider Configuration, copy the Single Sign-On URL.

SAML IDP SSO 14

15. Scroll down to Advanced Sign-on Settings in Okta and paste.

SAML IDP SSO 15

16. Scroll up to Okta more details section, copy the Sign on URL value.

SAML IDP SSO 16

17. Back to Configure Single-Sign On page in CloudSaver, paste the value to Sign-in URL field.

SAML IDP SSO 17

18. Go back to CloudSaver Configure Single-Sign On page and copy the Entity ID value.

SAML IDP SSO 18

19. Back to Okta, scroll down Advanced Sign-On Settings, paste the value to Entity ID field and click Save.

SAML IDP SSO 19

20. Back to CloudSaver Configure Single Sign-On page, click Submit Configuration.

SAML IDP SSO 20

21. Configuration now completes.

SP-Initiated SSO

1. Starts by following instructions to setup SSO (IDP-initiated)

2. In CloudSaver, navigate to Settings > Single-Sign On and select Change SSO Settings.

SAML SP SSO 2

3. To enable SP-initiated flow, enter email domain name in CloudSaver Configure Single-Sign On page and click Submit Configuration. For example: if email is test@cloudsaver.com, then domain name is cloudsaver.com.

SAML SP SSO 3

4. Configuration now completes.

5. To ensure SP-initiated SSO is configured correctly, go to https://app.cloudsaver.com/.

6. Enter your email and you will be redirected to Login with Okta.

SLO

1. Starts by following instructions to setup SSO (IDP-initiated).

2. In CloudSaver, navigate to Settings > Single-Sign On and select Change SSO Settings.

SAML SLO SSO 2

3. Under SAML Identity Provider Configuration, copy the Single Sign-Out URL.

SAML SLO SSO 3

4. In Okta application page, select CloudSaver app, view Sign On tab and click Edit.

SAML SLO SSO 4

5. Scroll down and check Enable Single Logout field.

SAML SLO SSO 5

6. Back to CloudSaver Configure Single Sign-On page, under SAML Identity Provider Configuration, download the PEM Certificate.

SAML SLO SSO 6

7. Back to Okta application page, upload the CloudSaver certificate to Signature Certificate field.

SAML SLO SSO 7

8. Click to expand More details section.

SAML SLO SSO 8

9. Copy the Single Logout URL value.

SAML SLO SSO 9

10. Back to CloudSaver, paste the value to Sign-out URL field and click Submit Configuration.

SAML SLO SSO 10

11. In Okta application page, scroll down and click Save.

SAML SLO SSO 11

12. Single Logout is now configured.

Notes

Make sure that you entered the correct value in the Subdomain field under the General tab. Using the wrong value will prevent you from authenticating via SAMLE to CloudSaver Tag Manager.

The following SAML attributes are supported:

 

Name Value
User.firstName user.firstName
User.lastName user.firstName
User.email user.email