HomeDocumentation and Guides
Home
Documentation and Guides

Okta

Okta can be used as an Identity-as-a-Service (IDaaS) provider, as well as authorized as a platform in Cisco Cloudlock. Each section below details the set up for each process.

Prerequisites

  • Administrator credentials in Okta. The following rights are required: READ_ONLY_ADMIN with ORG_ADMIN.
  • Ability to log into Cisco Cloudlock as an administrator via Google or another OAuth-based system.
  • You will also need your organization’s Okta subdomain.

Set Up SAML Authentication in Okta

Follow these steps to set up Okta-based SAML authentication in Cloudlock:

  1. Log into Okta as an administrator.
357
  1. Select Add Applications.
745
  1. Search for Cloudlock, then select Add.
750
  1. Enter your organization’s domain.
747

🚧

Domain Must Match

The domain you enter must exactly match the domain entered in the Cisco Cloudlock back end; all characters must match and be the same case. If you have difficulty at this stage, contact Cloudlock to make sure the Okta and Cloudlock domain entries are in agreement.

  1. Select Assign to People, select the people to whom you want to grant access to Cloudlock, then select Next.
750
  1. You see the results displayed:
750
  1. Select Sign On. In the Sign On information panel, scroll down and copy the metadata.
754
  1. Log into Cisco Cloudlock using your OAuth credentials (e.g. Google, etc).
424
  1. In the Cloudlock window, select Settings > Add Users, then add the ID you will use for your SAML login.
424
  1. In the Settings panel, scroll down and enable SAML Configuration, then paste the Okta metadata you previously copied.
625
  1. Log out of Cloudlock.
352
  1. Select SAML and enter your Okta email address to log back into Cloudlock.
358
  1. Enter your SAML credentials in Okta’s Cloudlock sign on panel.
706
  1. The Cloudlock dashboard appears. You have finished SAML setup for Okta.

Okta Platform Authorization

Configuration

This section details how to configure Okta in Cisco Cloudlock.

Generate an API key on Okta

  1. Log into your Okta domain (make a note of your Okta domain for the next step — it is generally of the form [your_identifier].okta.com:
727
  1. Select Admin > Security > API:
727
  1. Create a new Token for the Cloudlock application:
725

🚧

Copy the Token

Copy the token. When you select OK, Got It, there is no way to retrieve the token again!

The token appears in the following modal dialog:

731

Set Up Okta as a New Platform in Cloudlock

  1. In Cloudlock, select Settings > Platforms tab
  2. Select Authorize in the Actions column for the Okta platform
  3. Enter the following information:
    API Key: paste this from the Okta security API settings page.
    Okta Sub-Domain: This is the domain you use to log into Okta. In this example, the domain is [your_identifier].okta.com. It is not the admin domain, which is generally of the form [your_identifier]-admin.okta.com.
775