Okta can be used as an Identity-as-a-Service (IDaaS) provider, as well as authorized as a platform in Cisco Cloudlock. Each section below details the setup for one of these processes.
- Administrator credentials in Okta. The following rights are required: READ_ONLY_ADMIN with ORG_ADMIN.
- Ability to log into Cisco Cloudlock as an administrator via Google or another OAuth-based system.
- You will also need your organization’s Okta subdomain.
Follow these steps to set up Okta-based SAML authentication in Cloudlock:
- Log into Okta as an administrator.
- Select Add Applications.
- Search for Cloudlock, then select Add.
- Enter your organization’s domain.
Domain Must Match
The domain you enter must exactly match the domain entered in the Cisco Cloudlock back end; all characters must match and be the same case. If you have difficulty at this stage, contact Cloudlock to make sure the Okta and Cloudlock domain entries are in agreement.
- Select Assign to People, select the people to whom you want to grant access to Cloudlock, then select Next.
- The results are displayed.
- Select Sign On. In the Sign On information panel, scroll down and copy the metadata.
- Log into Cisco Cloudlock using your OAuth credentials (e.g., Google).
- In the Cloudlock window, select Settings > Add Users, then add the ID you will use for your SAML login.
- In the Settings panel, scroll down and enable SAML Configuration, then paste the Okta metadata you previously copied.
- Log out of Cloudlock.
- Select SAML and enter your Okta email address to log back into Cloudlock.
- Enter your SAML credentials in Okta’s Cloudlock sign on panel.
- The Cloudlock dashboard appears. You have finished SAML setup for Okta.
This section details how to configure Okta in Cisco Cloudlock.
Generate an API key on Okta
- Log into your Okta domain (make a note of your Okta domain for the next step; it is generally of the form [your_identifier].okta.com).
- Select Admin > Security > API.
- Create a new Token for the Cloudlock application.
Copy the Token
Copy the token. When you select OK, Got It, there is no way to retrieve the token again!
The token appears in a modal dialog.
- In Cloudlock, select Settings > Platforms tab
- Select Authorize in the Actions column for the Okta platform
- Enter the following information:
API Key: paste this from the Okta security API settings page.
Okta Sub-Domain: This is the domain you use to log into Okta. In this example, the domain is [your_identifier].okta.com. It is not the admin domain, which is generally of the form [your_identifier]-admin.okta.com.
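The two entry mistakes this page warns about (a domain that does not match exactly, and the admin domain pasted into Okta Sub-Domain) can be checked before submitting the forms. The following is an added example, not Cisco or Okta code; the function names are hypothetical, the sample values are constructed, and it only recognizes the [your_identifier].okta.com form shown on this page.

```python
from urllib.parse import urlsplit


def normalize_okta_host(entry: str) -> str:
    """Return the bare, lowercased host from a pasted URL or hostname."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry  # make urlsplit treat the value as a network location
    return urlsplit(entry).hostname or ""


def check_okta_subdomain(entry: str):
    """Return (host, problems) for a value intended for 'Okta Sub-Domain'."""
    host = normalize_okta_host(entry)
    labels = host.split(".")
    problems = []
    if len(labels) != 3 or not labels[0] or labels[1:] != ["okta", "com"]:
        problems.append("not of the form [your_identifier].okta.com")
    elif labels[0].endswith("-admin"):
        # The admin console host is not the login domain Cloudlock expects.
        problems.append("admin domain; use " + labels[0][:-len("-admin")] + ".okta.com")
    return host, problems


def explain_domain_mismatch(okta_entry: str, cloudlock_entry: str) -> str:
    """Classify why two domain entries fail an exact, case-sensitive match.

    Returns 'match', 'whitespace', 'case' (after trimming) or 'different'.
    """
    if okta_entry == cloudlock_entry:
        return "match"
    a, b = okta_entry.strip(), cloudlock_entry.strip()
    if a == b:
        return "whitespace"
    if a.lower() == b.lower():
        return "case"
    return "different"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    print(check_okta_subdomain("https://acme-admin.okta.com/admin/dashboard"))
    print(check_okta_subdomain("acme.okta.com"))
    print(explain_domain_mismatch("Example.com", "example.com"))
```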