How to integrate Cloudsoc/CASB for SSO login with Okta on SAML 2.0

Article ID: 239856

Products

CASB Gateway

Issue/Introduction

Customers may need to allow SSO login to Cloudsoc/CASB via Okta using SAML 2.0. By default, the Cloudsoc portal offers an option to choose Okta for SSO; however, that option works over API.

Environment

Cloudsoc/CASB portal

Resolution

To integrate Cloudsoc/CASB with Okta over SAML 2.0, follow the steps below:

  • Log in to the Cloudsoc/CASB portal > Settings > click Single Sign-on.
  • Create a new application in Okta to add CASB.
  • Log in to the Okta admin console > Applications > click Create App Integration.
  • Choose SAML 2.0 and click Next.
  • Provide the App name ‘CASB’, then click Next.
  • Provide Single Sign-on URL: https://app.elastica.net/saml2/acs/
  • Check the box: Use this for Recipient URL and Destination URL
  • In Audience URI (SP Entity ID), enter: https://app.elastica.net/
  • Name ID Format: Unspecified
  • Application username: Email
  • Click Next and finish the app.
  • Once the app is created, open the app configuration in Okta and add the imported users in the assignment.
  • Your configuration should look like below:

  • Click View Setup Instructions below and save the content to a file named OktaIDP.xml:

  • In the User attributes/profile mapping, de-select everything and keep the login mapping like below:

  • Now go back to the CASB portal and edit the custom IDP configuration like below:

  • Upload the OktaIDP.xml file to the custom IDP section of the CASB portal, at the location shown below, and click Configure:

  • Ensure that the same users who are allowed in Okta for the CASB app are also created in the Users section of the CASB portal.
  • Now log out of the CASB portal, click Use Single Sign-on, and enter an allowed user’s email address to test SP-initiated login.
  • You can also log in to Okta as the same user and open the CASB app to test IdP-initiated login.
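
If a test login fails, the SAML response can be compared against the values entered in the steps above. The following is an added example, not Broadcom or Okta code: it assumes you have captured and base64-decoded the SAML response from your own test login, and the sample response and the function name check_response are constructed for illustration.

```python
# Added example (not vendor code): check a decoded SAML response against
# the values this article enters in the Okta app integration.
import re
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://app.elastica.net/saml2/acs/"   # Single Sign-on URL (from the article)
AUDIENCE = "https://app.elastica.net/"            # Audience URI / SP Entity ID (from the article)
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def check_response(xml_text):
    """Return a list of mismatches; an empty list means the values line up."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination != ACS URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient != ACS URL")
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if AUDIENCE not in audiences:
        problems.append("Audience missing SP entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    else:
        if name_id.get("Format") != NAMEID_UNSPECIFIED:
            problems.append("NameID Format is not unspecified")
        # Assumption: "Application username: Email" means the NameID is an email.
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (name_id.text or "").strip()):
            problems.append("NameID is not an email address")
    return problems

# Constructed sample (signature and timestamps omitted for brevity).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app.elastica.net/saml2/acs/">
  <a:Assertion>
    <a:Subject>
      <a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@example.com</a:NameID>
      <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="https://app.elastica.net/saml2/acs/"/></a:SubjectConfirmation>
    </a:Subject>
    <a:Conditions><a:AudienceRestriction><a:Audience>https://app.elastica.net/</a:Audience></a:AudienceRestriction></a:Conditions>
  </a:Assertion>
</p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE) or "all values match")
```

This compares configuration values only; it does not verify the response signature or validity window, which the service provider checks itself.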
