Skip to Content
DocumentationAdministrationSSO & identity providersOktaSAML

SAML authentication with Okta

With SAML (Security Assertion Markup Language) enabled, you can authenticate users in Cube Cloud through Okta, allowing your team to access Cube Cloud using single sign-on.

Available on Enterprise and above plans .

Prerequisites

Before proceeding, ensure you have the following:

  • Admin permissions in Cube Cloud.
  • Account administrator permissions in your Okta organization to access the Admin Console and create SAML integrations.

Enable SAML in Cube Cloud

First, enable SAML authentication in Cube Cloud:

  1. In Cube Cloud, navigate to Admin → Settings.
  2. On the Authentication & SSO tab, enable the SAML toggle.
  3. Take note of the Single Sign-On URL and Audience values — you’ll need them when configuring the SAML integration in Okta.

Create a SAML integration in Okta

  1. Log in to your Okta organization as an administrator, then navigate to the Admin Console by clicking Admin in the top-right corner.
  2. Click Applications → Applications from the navigation on the left, then click Create App Integration.
  3. Select SAML 2.0 and click Next.
  4. Enter a name for your application and click Next.
  5. Enter the following values in the SAML Settings section:
    • Single sign on URL — Use the Single Sign-On URL value from Cube Cloud.
    • Audience URI (SP Entity ID) — Use the Audience value from Cube Cloud.
  6. Click Next to go to the Feedback screen, fill in any necessary details and click Finish.

Configure attribute statements in Okta

After the application is created, configure attribute statements to map user attributes from Okta to Cube Cloud:

  1. In your SAML app integration, go to the Sign On tab.
  2. Scroll down to the Attribute statements section.
  3. Click Add expression and create the following entries:
NameExpression
emailuser.profile.email
nameuser.profile.firstName

Retrieve SAML details from Okta

Next, retrieve the values you’ll need to complete the configuration in Cube Cloud:

  1. In your SAML app integration, go to the Sign On tab.
  2. In the sidebar, click View SAML setup instructions.
  3. Take note of the following values from the setup instructions page:
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate

Complete configuration in Cube Cloud

Return to the SAML configuration page in Cube Cloud and provide the identity provider details:

  • Entity ID / Issuer — Use the Identity Provider Issuer value from Okta.
  • SSO (Sign on) URL — Use the Identity Provider Single Sign-On URL value from Okta.
  • Certificate — Paste the X.509 Certificate from Okta.

Test SAML authentication

  1. Copy the Single Sign-On URL from the SAML configuration page in Cube Cloud.
  2. Open a new browser tab and paste the URL into the address bar, then press Enter.
  3. You should be redirected to Okta to log in. After a successful login, you should be redirected back to Cube Cloud.

Was this page useful?

OktaSCIM