Using Okta as an IdP
The following guide will help you set up Okta to be used as an Identity Provider for CloudZero.
Okta Setup - create new application
In Okta, add an application for CloudZero.

Next, create a new application connection since CloudZero is not available from the marketplace.

In the popup window, configure the application with:
- Platform = Web
- Sign on method = SAML 2.0

Okta Connection General Settings
For "Step 1 - General Settings," enter an app name that matches the following guidelines: cloudzero-
App Name
Only enter the domain name, not the domain extension. For example, if your company's emails are @acme.com, you would enter "cloudzero-acme" in the app name.

(Optionally) set up the logo and app visibility settings.
Okta connection SAML configuration
For "Step 2 - Configure SAML," use the following settings:
- Single sign on URL - https://cloudzero.auth0.com/login/callback
- Audience URI (SP Entity ID) - urn:auth0:cloudzero:cloudzero-
- Example from above = cloudzero-acme
- Default RelayState –
- Name ID format - Unspecified
- Application username – Okta username
- Update application username on – Create and Update
- ATTRIBUTE STATEMENTS (these are required)
  - email
    - Name – email
    - Name format – Unspecified
    - Value – ${user.email}
  - email_verified
    - Name – email_verified
    - Name format – Unspecified
    - Value – true
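
As an added example (not CloudZero's or Okta's own code), the Python script below checks that a SAML assertion issued by this app carries the audience, recipient and attribute statements configured in Step 2. It assumes the guide's "cloudzero-acme" example name, assumes Okta sends the Single sign on URL as the Recipient, and runs on a constructed, unsigned sample assertion; it checks configuration only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values from the guide, using its "acme" example (assumption: Recipient == Single sign on URL).
EXPECTED_AUDIENCE = "urn:auth0:cloudzero:cloudzero-acme"
EXPECTED_RECIPIENT = "https://cloudzero.auth0.com/login/callback"

# Constructed sample assertion (unsigned, trimmed); not real Okta output.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://cloudzero.auth0.com/login/callback"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>urn:auth0:cloudzero:cloudzero-acme</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jane@acme.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email_verified"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, audience=EXPECTED_AUDIENCE, recipient=EXPECTED_RECIPIENT):
    """Return a list of configuration problems; an empty list means the settings match."""
    root = ET.fromstring(xml_text)  # only parse assertions exported from your own tenant
    problems = []
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append(f"audience {audiences!r} does not include {audience!r}")
    recipients = [d.get("Recipient") for d in root.findall(".//saml:SubjectConfirmationData", NS)]
    if recipient not in recipients:
        problems.append(f"recipient {recipients!r} does not include {recipient!r}")
    attrs = {}
    for attr in root.findall(".//saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values
    if not attrs.get("email") or "@" not in attrs["email"][0]:
        problems.append("attribute 'email' is missing or is not an e-mail address")
    if attrs.get("email_verified") != ["true"]:
        problems.append("attribute 'email_verified' must be the single value 'true'")
    return problems


if __name__ == "__main__":
    for line in check_assertion(SAMPLE) or ["assertion matches the guide's settings"]:
        print(line)
```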

Okta connection Feedback
For "Step 3 - Feedback," use the following settings:
- Are you a customer or partner? - I'm an Okta customer adding an internal app

Then click finish.
Email CloudZero the Okta Details
Once you’re done creating the CloudZero application within Okta, e-mail the connection details to [email protected] with the subject “ - Okta Setup”.
The connection details can be found on the application’s detail page and are made up of the following pieces of information:
- General Tab -> Audience Restriction
- Sign-On Tab -> Identity Provider Single Sign-On URL
- Sign-On Tab -> Identity Provider Issuer
- Sign-On Tab -> X.509 Certificate
General Tab
When you first view the details for your application, you’ll be placed on the “General” tab. Scroll down to the SAML Settings section and copy the Audience Restriction value into the e-mail you’re drafting.

Sign-On Tab
When you click on the “Sign-On” tab, click “View Setup Instructions” to the right of the yellow box.

The connection details will load in a new tab. Download the certificate and attach it to the e-mail to [email protected], along with the Identity Provider Single Sign-On URL and Identity Provider Issuer.

Send the email with that information and we'll get back to you shortly.
Initiating logins from Okta
Due to security concerns, CloudZero does not support fully IdP-initiated logins at this time. However, if you'd like your employees to see a CloudZero tile in their Okta screen, we suggest that you set up a bookmark app. For instructions on how to do that, please refer to this Okta help article: https://support.okta.com/help/s/article/How-do-you-create-a-bookmark-app?language=en_US