SSO is intended for accounts with multiple users who take the extra security measure of signing into third-party applications using an identity provider.
Before completing the steps below, request an ACS URL from Cube's Support/CSM. After you've received this URL from us, please proceed to the steps below.
Prerequisites
- Before completing the steps below, request an ACS URL from Cube's Support/CSM. After you've received this URL from us, please proceed to the steps below.
- You'll need an Okta account with admin access to complete the configuration.
Okta Configuration
Please complete the following steps:
Step 1: Launch the Wizard
- In the Admin Console, go to Applications > Applications.
- Click Create App Integration.
- To create a SAML integration, select SAML 2.0 as the Sign-on method.
- Click Next.
Step 2: Configure general settings
- App name: Specify a name for your integration.
- The name can only consist of UTF-8, 3-byte characters.
- Optional. App logo: Add a logo to accompany your integration in the Okta org.
- App visibility: Choose whether to hide your integration from your end-users homepage.
Step 3: Configure SAML settings
A SAML 2.0 configuration requires combining information from your org and the target app. For help completing each field, use your app-specific documentation and the Okta tool tips.
You’ll be taken to a screen with some pieces of information we’ll need, all of the Metadata fields (copy/paste these to send to your Customer Success Manager)
-
-
- Entity ID
The Identity Provider Issuer. This is often called the Entity ID or simply "Issuer." The assertion will contain this information, and the SP will use it as verification.
- Entity ID
-
-
-
- Single Sign-On URL
The Identity Provider Single Sign-On URL. The SP may refer to this as the "SSO URL" or "SAML Endpoint." It's the only actual URL Okta provides when configuring a SAML application, so it's safe to say that any field on the Service Provider side expecting a URL will need this entered into it. - The Certificate (Click Download Certificate and send the file to us)
The x.509 Certificate. Some service providers allow you to upload this as a file, whereas others require you to paste it as text into a field. Please send this to Cube either via a tool that you use for file transfer or One Time Secret.
- Single Sign-On URL
-
- Input the following items in the Service Provider section
- Entity ID = https://portal.cubesoftware.com/users/auth/sso/saml/metadata
- ACS URL = https://portal.cubesoftware.com/users/auth/sso/saml/acs/<company-specific-slug> (this ACS URL will be the one provided by Cube in the First Step)
- In the Attribute Statements section, configure the following IdP Attribute <> SAML Response Attribute mappings (these are case sensitive):
Step 4: Configure feedback
If you are an Okta customer adding an integration that is intended for internal use only:
- Select I'm an Okta customer adding an internal app
- Click the check box for This is an internal app that we have created or, if your app requires additional SAML configuration instructions to work with Okta, click the check box for It's required to contact the vendor to enable SAML. Fill in the provided fields to help the Okta support team understand your SAML configuration.
- Click Finish. Your integration is created in your Okta org.
- The Settings page for your integration appears, where you can modify any of the parameters and assign your integration to users.
Accessing your account with single sign-on (SSO)
Once Customer Success has configured Okta SAML SSO for your Cube instance, you'll be able to use it to sign in:
1. Select Using Single Sign-On?
2. Input your company email address, then click Submit
3. You will be redirected to your organization's sign-in page.
4. After successfully signing in, you will be redirected to Cube.