SSO is intended for accounts with multiple users who take the extra security measure of signing into third-party applications using an identity provider.
You'll need a Microsoft account with administrator access to manage Entra ID to complete the configuration.
Azure (Microsoft Entra) Configuration
Step 1: Reach out to our support team
First, request an ACS URL from Cube's Support team. After you've received this URL from us, use the steps below to begin your Okta configuration.
Step 2: Set up Microsoft Entra
Please complete the steps outlined here to set up your SAML 2.0 identity provider and create an app registration in Azure.
Step 3: Configure SAML claims
A SAML 2.0 configuration requires combining information from your org and the target app. For help updating the Attributes & Claims mapping in Azure, please refer to the directions here.
The following Attributes will need their names updated and are case sensitive:
- givenname >> User.FirstName
- surname >> User.LastName
- name >> User.EmailAddress
The Name is our (Cube) field name, and the Value is the data from Azure.
Note: We use user.userprincipalname for email because it’s the Azure login email. Read more here.
Also, ensure that the Namespace attribute for each claim is blank.
Step 4: Share metadata with our support team
Our support team will need the following information so they can configure our side of your SAML settings.
1. The Identity Provider Issuer. This is often called the Entity ID or simply "Issuer." The assertion will contain this information, and the SP will use it as verification.
2. The Identity Provider Single Sign-On URL. The SP may refer to this as the "SSO URL" or "SAML Endpoint." It's the only actual URL Okta provides when configuring a SAML application, so it's safe to say that any field on the Service Provider side expecting a URL will need this entered into it.
3. The x.509 Certificate (base 64 version). Click Download Certificate and send the file to us. Some service providers allow you to upload this as a file, whereas others require you to paste it as text into a field. Please send this to Cube via One Time Secret.
Accessing your account with single sign-on (SSO)
When our team has configured Azure with SAML SSO for your Cube instance, you'll be able to use it to sign in:
1. Select Using Single Sign-On?
2. Input your company email address, then click Submit
3. You will be redirected to your organization's sign-in page, and after successfully signing in, you will be redirected to Cube.