SSO with Okta

How to Set Up SSO with Okta

CloudZero supports single sign-on (SSO) with Okta. This enables users to seamlessly log in to CloudZero from an Okta tile, without needing to enter a CloudZero username and password.

To set up a new SSO integration for CloudZero using Okta, complete the following steps:

  1. Create a new Okta application.
  2. Configure the Okta SSO integration in CloudZero.
  3. Complete the configuration in Okta.

Step 1: Create Okta Application

  1. Log in to Okta and navigate to Admin Console > Applications > Applications.

  2. Select Create App Integration.

  3. Select OIDC - OpenID Connect as the Sign-in method.

  4. Select Single-Page Application.

  5. Select Next.

  6. Enter a name in the App integration name field, such as CloudZero.

  7. Optionally, upload a logo to the Logo field. Download the CloudZero logo here.

  8. In the Grant type field, select Advanced, and then check the box for Implicit (hybrid).

  9. In the Sign-in redirect URIs field, enter https://auth.cloudzero.com/login/callback

  10. Click Save to create the app integration, then select Edit to configure additional options.

  11. In the General tab, ensure the Proof Key for Code Exchange (PKCE) box is checked in the Client Credentials section.

  12. Copy the Client ID.

  13. Keep the Okta settings page open so you can finish configuring it in a later step.

Confirm the PKCE box is checked in Okta

Step 2: Configure Okta SSO Integration in CloudZero

  1. Log in to CloudZero and navigate to Settings > SSO Integrations.

  2. Select the Create New Integration button:

    Select the Create New Integration button from the SSO Integrations page

  3. On the Select Your Identity Provider page, select Okta:

    Select Okta to set up an SSO integration in CloudZero

  4. CloudZero displays the Connect Okta to CloudZero form:

    The Connect Okta to CloudZero form

  5. The IdP Callback URL field displays the callback URL. Because you entered this URL into your Okta application's Sign-in redirect URIs field in a previous step, you can proceed to the next field.

  6. Enter the Email Domain. Users with an email address from this domain will be forwarded to your Okta integration to log in to CloudZero.

  7. Enter the Issuer. This is your OIDC Discovery Endpoint (for example, https://example.okta.com/.well-known/openid-configuration). See Okta's documentation for more information.

  8. Paste the client ID you copied from Okta into the Client ID field.

  9. Select Create Integration. CloudZero creates the SSO integration and reloads the page to display the integration details.

    Your new Okta integration's details page

  10. Select the Open Test Window button to open a new browser tab to test the integration by logging into your IdP:

    Select the Open Test Window button to test your SSO integration

  11. In the new tab, authorize CloudZero's request to connect to your account.

  12. When the test is successful, the tab closes, and the integration details page in CloudZero displays a modal with the message Connection test successful! Select Close to close the modal.

  13. In the SSO Connection Status and Controls section, check the Enable log-ins with my SSO box.

  14. Optionally, check the Enable SSO for Groups box to allow your IdP to manage your groups. See Manage Groups with SSO for more information.

    Check the necessary boxes before activating your SSO integration

  15. Select Enable.

    ⚠️ WARNING: Selecting Enable will immediately activate the SSO integration. If you need to disable this integration, contact your CloudZero support representative.

  16. Scroll back up to the General Configuration section and copy the Bookmark URL. It will follow this format: https://app.cloudzero.com?connection=<your-connection-name>

    Copy the Bookmark URL from the CloudZero UI

Step 3: Complete the Configuration in Okta

  1. In Okta, return to the application settings page and paste the bookmark URL you copied into the Initiate login URI field, which is in the LOGIN section of the General tab.

    Paste the Bookmark URL into the Initiate login URI field

  2. Select Save in Okta.

Users can now log in to CloudZero by selecting the applicable tile in their Okta dashboard.
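
A pre-flight check for the values entered in Steps 1 and 2, added here as an example (it is not CloudZero's or Okta's code): it confirms that the discovery endpoint, the issuer it reports, the registered redirect URIs and the Bookmark URL agree with each other before you select Enable. The function name, the constructed sample document and the choice to flag any redirect URI other than the CloudZero callback are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

WELL_KNOWN = "/.well-known/openid-configuration"
CALLBACK = "https://auth.cloudzero.com/login/callback"  # Step 1, item 9
BOOKMARK_HOST = "app.cloudzero.com"                     # Step 2, item 16

# Constructed sample of the two discovery fields this check reads.
SAMPLE_DOC = {
    "issuer": "https://example.okta.com",
    "code_challenge_methods_supported": ["S256"],
}


def check_sso_settings(discovery_url, discovery_doc, redirect_uris, bookmark_url):
    """Hypothetical helper: return a list of problems (empty means consistent)."""
    problems = []
    url = urlsplit(discovery_url)
    if url.scheme != "https":
        problems.append("discovery endpoint is not https")
    if not url.path.endswith(WELL_KNOWN):
        problems.append("discovery endpoint lacks the well-known suffix")
    else:
        # OIDC Discovery: the document's issuer must equal the URL minus the suffix.
        expected = f"{url.scheme}://{url.netloc}{url.path[:-len(WELL_KNOWN)]}"
        if discovery_doc.get("issuer") != expected:
            problems.append("issuer does not match discovery URL")
    # Step 1 turns PKCE on, so the IdP should advertise the S256 method.
    if "S256" not in discovery_doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    # This check compares redirect URIs as exact strings; a trailing slash differs.
    if CALLBACK not in redirect_uris:
        problems.append("CloudZero callback missing from redirect URIs")
    if any(uri != CALLBACK for uri in redirect_uris):
        problems.append("unexpected redirect URI registered")
    bookmark = urlsplit(bookmark_url)
    if bookmark.scheme != "https" or bookmark.hostname != BOOKMARK_HOST:
        problems.append("Bookmark URL is not on " + BOOKMARK_HOST)
    if not parse_qs(bookmark.query).get("connection"):
        problems.append("Bookmark URL has no connection parameter")
    return problems


if __name__ == "__main__":
    print(check_sso_settings(
        "https://example.okta.com" + WELL_KNOWN, SAMPLE_DOC,
        [CALLBACK], "https://app.cloudzero.com?connection=example-okta"))
```

In practice, pass the JSON fetched from your own discovery endpoint in place of the sample document.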