Single Sign-On with Okta

This guide provides step-by-step instructions on setting up Okta as a SAML IdP for your Cloudsmith Organization.

Adding Cloudsmith to Okta

Cloudsmith is not yet an integrated application in Okta. You'll have to add Cloudsmith manually so you can configure SSO.

Step1

Log into Okta and click Admin in the top right:

Step2

Choose Applications from the top menu:

Step3

Click the green Add Application button in the top right:

Step4

Click the green Create New App button:

You should then see a modal window pop up where we can begin to enter our application's details.

Step5

Select Web and SAML 2.0 and click the green Create button:

Step6

On the next screen (General Settings), enter the App name as "Cloudsmith". (You can optionally add the Cloudsmith logo too for easier visibility, you can find hi-res versions of the logo here):

Step7

Next, we'll configure SAML settings. To determine your Single sign on URL we use the following format: "https://cloudsmith.io/orgs/MY_ORG_NAME/saml/acs/", where "MY_ORG_NAME" is replaced with your organization's slug.

We use the same URL for the Audience URI value below.

For Name ID Format choose "EmailAddress", and for Application username choose "Email".

Step8

Next, we'll configure Okta to also send the user's first and last names during sign-in:

Step9

Hit the green Next button at the bottom of the page.

Step10

Fill out the Feedback section on the next page and hit the green Finish button:

Step11

Your application is now configured on Okta and you can add users groups as required using the Assignments tab of your application management screen:

Providing configuration to Cloudsmith

Once configured as above, you'll need to provide metadata to Cloudsmith to connect to your newly configured IdP.

In the Sign On tab of your application management screen you should see a link that provides metadata for dynamic configuration:

Copy this link and add it to your Cloudsmith organization SAML settings.

🚧

Note: The Okta page continues to display the "SAML 2.0 is not configured until you complete the setup instructions" message even after the configuration is complete.

All wrapped up!

You can then enable SAML authentication in your Cloudsmith SAML settings and you can use Okta to begin logging in straight away.

You'll be able to access the landing page of your organization at the following URL:
https://cloudsmith.io/orgs/ORG/saml/login/

Where ORG is your organization's slug/identifier (what you would normally see in the URL when accessing your organization within Cloudsmith). If you're not sure what this is, please just ask us.

If you have any feedback on our SAML functionality or features you wish we supported, please do let us know as it'll help inform our roadmap in future.


Did this page help you?