SAML with Okta

Step 1: Log in to your Okta Admin portal and navigate to Applications. Click Add Application.

Step 2: On the left side, select Create a New App.

Step 3: Choose SAML 2.0 and click Create.

Step 4: Name the app and click Next.

Step 5: Enter your authorization domain with /cdn-cgi/access/callback appended in both the Single sign on URL and SP Entity ID fields. Choose the value you want to be passed as the Name ID. In the attribute statement, create a new attribute called email and pass the user's email address as its value.

Step 6: Click Next and then Finish.

Step 7: Next you need to assign the groups or users who can access the application. Click on the Assignments tab and choose the users or groups.

Step 8: Navigate to the Sign On tab to get the identity provider information.

Step 9: Scroll to the bottom, copy the metadata and save it as an XML file, say sp-metadata.xml. In the Cloudflare dashboard, navigate to the Access tab and upload the metadata file.

Step 10: If you choose to enter the values manually instead, enter the following information in the Cloudflare Access modal.

  • Provider Name: Name your identity provider.
  • Single Sign on URL: Copy the Identity Provider Single-Sign-On URL
  • IdP Entity ID: Copy the Identity Provider Issuer
  • Signing Certificate: Copy the X.509 Certificate value, that is, the base64 text between the BEGIN CERTIFICATE and END CERTIFICATE lines.

Step 11: Finally, enter email (the attribute name created in step 5) in the Email attribute in SAML assertion field. Click Save and close.
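The manual path in step 10 copies three values out of the metadata document that step 9 downloads from Okta's Sign On tab. The script below is an added example, not part of this page or of Cloudflare's or Okta's own tooling: it parses an Okta-shaped IdP metadata file with the Python standard library and returns the IdP Entity ID, the Single Sign-On URL and the signing certificate wrapped in the BEGIN/END CERTIFICATE lines, so the values pasted into the Access modal come from the file rather than from hand copying. It also builds the step 5 callback URL from an authorization domain. The metadata, tenant host, app ID and certificate are constructed placeholders; the https scheme on the callback URL is assumed, since the page only gives the path.

```python
"""Extract the manual Cloudflare Access SAML fields from Okta-style IdP metadata.
Example code; the metadata below is a constructed sample, not a real export."""
import base64
import binascii
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample in the shape Okta exports. Host, app ID and certificate are
# placeholders; the "certificate" is a 5-byte DER SEQUENCE, not a real X.509 cert.
FAKE_CERT_B64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkPLACEHOLDER">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>
          {FAKE_CERT_B64}
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.okta.com/app/example/exkPLACEHOLDER/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-tenant.okta.com/app/example/exkPLACEHOLDER/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def callback_url(authorization_domain: str) -> str:
    """Value for Okta's Single sign on URL and SP Entity ID fields (step 5):
    the Access authorization domain with /cdn-cgi/access/callback appended.
    The https scheme is an assumption; the page states only the path."""
    host = authorization_domain.strip()
    if host.startswith("https://"):
        host = host[len("https://"):]
    return "https://%s/cdn-cgi/access/callback" % host.rstrip("/")


def is_valid_cert_body(cert_b64: str) -> bool:
    """Cheap sanity check on the text pasted between BEGIN and END CERTIFICATE:
    strict base64 that decodes to a DER SEQUENCE (first byte 0x30). A full parse
    and expiry check would need a certificate library and is out of scope here."""
    body = "".join(cert_b64.split())  # Okta may wrap the value across lines
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(der) > 0 and der[0] == 0x30


def to_pem(cert_b64: str) -> str:
    """Wrap the bare base64 body in the BEGIN/END lines, 64 characters per line."""
    if not is_valid_cert_body(cert_b64):
        raise ValueError("signing certificate is not base64-encoded DER")
    body = "".join(cert_b64.split())
    return ("-----BEGIN CERTIFICATE-----\n"
            + "\n".join(textwrap.wrap(body, 64))
            + "\n-----END CERTIFICATE-----\n")


def extract_access_fields(metadata_xml: str) -> dict:
    """Return the three values the manual Access modal asks for (step 10)."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor: %s" % root.tag)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata describes no IdP (no IDPSSODescriptor)")

    # Okta lists the same Location under both bindings; prefer HTTP-POST and
    # fall back to the first endpoint listed.
    services = idp.findall("md:SingleSignOnService", NS)
    if not services:
        raise ValueError("no SingleSignOnService endpoint in metadata")
    sso_url = next((s.get("Location") for s in services if s.get("Binding") == HTTP_POST),
                   services[0].get("Location"))

    # Only a key marked use="signing" (or with no use attribute, meaning both)
    # verifies assertions; an encryption-only key is the wrong value to paste.
    cert_b64 = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            cert_el = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert_el is not None and cert_el.text:
                cert_b64 = cert_el.text
                break
    if cert_b64 is None:
        raise ValueError("no signing certificate in metadata")

    return {
        "idp_entity_id": root.get("entityID"),
        "sso_url": sso_url,
        "signing_certificate_pem": to_pem(cert_b64),
    }


if __name__ == "__main__":
    for key, value in extract_access_fields(SAMPLE_METADATA).items():
        print("%s:\n%s\n" % (key, value))
    print("Okta SP fields:", callback_url("example.cloudflareaccess.com"))
```

Run it against the real sp-metadata.xml from step 9 by replacing SAMPLE_METADATA with the file contents; if the script raises on the certificate, the value in the X.509 Certificate box was copied with the BEGIN/END lines or with stray characters, which is the usual cause of a failed signature check after saving the Access configuration.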