All Resources
Doc8 min readApr 2, 2026

SAML 2.0 Configuration

Supported Features

The Okta/Cloudsaver Tag Manager SAML integration currently supports:

  • IDP-Initiated SSO
  • SP-Initiated SSO
  • SLO (Single Logout)
  • JIT (Just-In-Time) Provisioning

IDP-Initiated SSO

This configuration involves 20 steps coordinating settings between the Okta Admin console and Cloudsaver:

  1. Navigate to Applications > Browse App Catalog in Okta
  2. Search for and select CloudSaver – Tag Manager
  3. Click Add Integration
  4. Verify application name in General Settings and click Done
  5. In Cloudsaver, go to Settings > Single Sign-On
  6. Click Set Up SSO to display Configure Single Sign-On page
  7. Enter "Okta" as Identity Provider
  8. Download the PEM Certificate from SAML Identity Provider Configuration
  9. In Okta's Sign On tab, click Edit
  10. Upload Cloudsaver certificate to Encryption Certificate field
  11. Expand More Details section
  12. Download the Signing Certificate
  13. In Cloudsaver, upload the certificate under X509 Signing Certificate
  14. Copy the Single Sign-On URL from SAML Identity Provider Configuration
  15. Paste into Okta's Advanced Sign-on Settings
  16. Copy Okta's Sign on URL value
  17. Paste into Cloudsaver's Sign-in URL field
  18. Copy Cloudsaver's Entity ID
  19. Paste into Okta's Entity ID field and save
  20. Submit Configuration in Cloudsaver

SP-Initiated SSO

  1. Complete IDP-initiated setup first
  2. Navigate to Settings > Single Sign-On and select Change SSO Settings
  3. Enter email domain name (e.g., "cloudsaver.com" for test@cloudsaver.com)
  4. Click Submit Configuration
  5. Test at https://app.cloudsaver.com/ by entering your email

SLO (Single Logout)

  1. Complete IDP-initiated setup first
  2. Navigate to Settings > Single Sign-On and select Change SSO Settings
  3. Copy the Single Sign-Out URL
  4. In Okta application, view Sign On tab and click Edit
  5. Check Enable Single Logout field
  6. Download PEM Certificate from Cloudsaver
  7. Upload certificate to Okta's Signature Certificate field
  8. Expand More details section
  9. Copy the Single Logout URL
  10. Paste into Cloudsaver's Sign-out URL field and submit
  11. Save in Okta application page

Supported SAML Attributes

The following SAML attributes are supported:

  • User.firstName— user.firstName
  • User.lastName— user.lastName
  • User.email— user.email

Important Notes

Ensure correct Subdomain entry in the General tab to avoid authentication failures. Incorrect values will prevent SAML authentication to Cloudsaver Tag Manager.

Want to see how this applies to your environment?

Get your free savings assessment