Configure federated authentication with Okta

Okta is an identity and access management platform that allows organizations to manage their employees' access to applications and devices. You can configure Okta as an identity provider (IdP) for DoubleCloud, so that your users can use their Okta credentials to log in to DoubleCloud.

Step 1. Create a SAML application in Okta

  1. Go to the Okta Admin console and sign in.

  2. In the left menu, click Applications → Applications.

  3. Click Create app integration.

  4. In the Create a new app integration dialog, select SAML 2.0 and click Next.

  5. Under General settings, enter an app name, such as DoubleCloud.

  6. Click Next.

  7. In Single sign-on URL and Audience URI, enter https://double.cloud.

    Make sure that the Use this for Recipient URL and Destination URL checkbox is enabled.

    This is a placeholder value that you will change at a later step.

    You need to use a placeholder here because you can get the actual URL only after you configure the federation on the DoubleCloud side.

  8. Click Next at the bottom of the page.

  9. Click Finish.

  10. On the Sign on tab, click View SAML setup instructions at the bottom of the right panel. The How to configure SAML 2.0... page will open with details you need to configure the federation in DoubleCloud.

  11. Download the certificate from step 3 of the How to configure SAML 2.0... page.

  12. Keep this page open.

Step 2. Create a federation in DoubleCloud

  1. Go to the DoubleCloud console.

  2. In the top bar, click your organization name → Manage organizations.

  3. Select Members from the panel on the left and switch to the Federations tab.

  4. Click Create and enter the following details in the form:

    • Name: Federation name, such as Okta.

    • Cookie lifetime: Desired cookie lifetime.

    • IdP Issuer: The Identity provider issuer value from the How to configure SAML 2.0... page. It has the http://okta.com/<app-id>/ format.

    • Login URL: The Identity provider single sign-on URL value from the How to configure SAML 2.0... page. It has the https://<company-name>.okta.com/app/<app-name>/<app-id>/sso/saml format.

    • Under Advanced, enable Automatically create users if you want to add users to your organization automatically when they sign in. If you keep it disabled, you’ll need to manually add your federated users.

  5. Click Create federation. The Federation overview page will open.

  6. Click Add certificates and upload the SAML certificate you downloaded from the How to configure SAML 2.0... page.

    Keep the Federation overview page open.
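
Before you submit the form, you can sanity-check the two values copied from Okta against the formats given in this step. The script below is an added example, not part of DoubleCloud or Okta tooling; it verifies both formats and that the `<app-id>` is the same in the IdP Issuer and the Login URL. The function name, the sample values, and the tolerance for a `www.` prefix or a missing trailing slash in the issuer are assumptions.

```python
import re
from urllib.parse import urlsplit

# Formats as documented in Step 2. Accepting "www." and a missing trailing
# slash on the issuer is an assumption to tolerate copy/paste variations.
ISSUER_RE = re.compile(r"^http://(?:www\.)?okta\.com/(?P<app_id>[A-Za-z0-9]+)/?$")
LOGIN_PATH_RE = re.compile(
    r"^/app/(?P<app_name>[^/]+)/(?P<app_id>[A-Za-z0-9]+)/sso/saml$"
)


def check_federation_values(idp_issuer: str, login_url: str) -> list:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    issuer = ISSUER_RE.match(idp_issuer.strip())
    if issuer is None:
        problems.append("IdP Issuer does not match http://okta.com/<app-id>/")

    url = urlsplit(login_url.strip())
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("Login URL must use https")
    # Anchored match so that look-alike hosts with extra labels are rejected.
    if not re.fullmatch(r"[a-z0-9-]+\.okta\.com", host):
        problems.append("Login URL host is not <company-name>.okta.com")
    if url.netloc.lower() != host or url.query or url.fragment:
        problems.append("Login URL has unexpected userinfo, port, query or fragment")
    login = LOGIN_PATH_RE.match(url.path)
    if login is None:
        problems.append("Login URL path is not /app/<app-name>/<app-id>/sso/saml")

    # Both values describe the same Okta application, so the app id must agree.
    if issuer and login and issuer["app_id"] != login["app_id"]:
        problems.append("app-id differs between IdP Issuer and Login URL")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real Okta tenant.
    for msg in check_federation_values(
        "http://okta.com/exkEXAMPLE0001/",
        "https://example-corp.okta.com/app/example-corp_doublecloud_1/exkEXAMPLE0001/sso/saml",
    ) or ["OK"]:
        print(msg)
```

An Okta organization that uses a custom domain will not match the `<company-name>.okta.com` host check; adjust the pattern in that case.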

Step 3. Finish configuration in Okta

  1. Switch back to Okta.

  2. In the left menu, click Applications → Applications.

  3. Select your application from the list.

  4. In SAML settings, click Edit.

  5. Click Next to go to the Configure SAML step.

  6. In Single sign-on URL and Audience URI, replace the placeholder with the Link to federation login page value from the Federation overview page in DoubleCloud.

  7. Click Next.

  8. Click Finish.

Step 4. (Optional) Add users

If you didn't enable creating users automatically, you need to add them manually in the DoubleCloud console.

To add a federation user manually:

  1. Go to the DoubleCloud console.

  2. In the top bar, click your organization name → Manage organization.

  3. Select Members from the panel on the left.

  4. Under Invite to the organization, select SSO.

  5. In the dropdown, select your federation.

  6. Enter the emails of the users you want to invite and click Invite.

Step 5. Test the federation

  1. Log in to the DoubleCloud console using the federation URL.

  2. Authenticate on the Okta login page you’re redirected to.
