SAML with Okta

Log in to your Okta Admin portal and navigate to Applications. Click Add Application.

On the left side, select Create a New App. Choose SAML 2.0 and click Create. Name the app and click Next.

Enter your authorization domain followed by /cdn-cgi/access/callback in both the Single sign on URL and SP Entity ID fields. Choose the value you want to be passed as the Name ID. In the attribute statement, create a new attribute called email and pass the user's email address as its value. Click Next and then Finish.

Next, assign the groups or users who can access the application: open the Assignments tab and choose users or groups.

Navigate to the Sign On tab to get the identity provider information. Scroll to the bottom, copy the metadata and save it as an XML file, say sp-metadata.xml. In Cloudflare Access, navigate to the Access tab and upload the metadata.

If you choose to enter the details manually instead, enter the following information in the Cloudflare Access modal:

  • Provider Name: Name your identity provider.
  • Single Sign on URL: Copy the Identity Provider Single-Sign-On URL.
  • IdP Entity ID: Copy the Identity Provider Issuer.
  • Signing Certificate: Copy the certificate from X.509 Certificate, between Begin Certificate and End Certificate.

Finally, enter email in the Email attribute in SAML assertion field. Click Save and Close.
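The three manual fields above (Issuer, Single-Sign-On URL, signing certificate) are exactly what the downloaded metadata file contains. The following added example, not code from Cloudflare or Okta, pulls them out of an IdP metadata document and refuses metadata that has no HTTPS SSO endpoint or no signing certificate; the embedded metadata, its entity ID, URL and certificate body are constructed placeholders, not values from a real tenant.

```python
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample of the metadata Okta's Sign On tab exports. The entity ID,
# URL and certificate body are placeholders, not values from a real tenant.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/exkEXAMPLEID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIEXAMPLEPLACEHOLDERCERTIFICATEBODYNOTAREALCERTIFICATE0123456789ABCDEF
      GHIJKLMNOPQRSTUVWXYZ==
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exkEXAMPLEID/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def extract_idp_settings(metadata_xml: str) -> dict:
    """Return the fields Access asks for when the IdP is entered manually."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")          # Access: "IdP Entity ID" (Okta: Issuer)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None or not entity_id:
        raise ValueError("not IdP metadata: missing EntityDescriptor, entityID or IDPSSODescriptor")

    # Okta lists the same Location under HTTP-POST and HTTP-Redirect; prefer POST
    # and reject a plaintext endpoint, which would expose the SAML exchange.
    services = idp.findall("md:SingleSignOnService", NS)
    chosen = next((s for s in services if s.get("Binding") == POST), services[0] if services else None)
    if chosen is None or not chosen.get("Location", "").startswith("https://"):
        raise ValueError("no HTTPS SingleSignOnService endpoint in metadata")

    # Only a KeyDescriptor with use="signing" (or no use attribute, meaning both) holds
    # the certificate Access must trust; an encryption-only key is never accepted.
    certs = ["".join(c.text.split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
             if c.text and c.text.strip()]
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    # signing_cert is the bare base64 that goes between the BEGIN/END lines in Access.
    pem = "-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(certs[0], 64)) + "\n-----END CERTIFICATE-----"
    return {"entity_id": entity_id, "sso_url": chosen.get("Location"),
            "signing_cert": certs[0], "signing_cert_pem": pem}
```

Point it at the file you saved from the Sign On tab with `extract_idp_settings(open("sp-metadata.xml").read())` to get the values to paste into the modal.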