Cloud Conformity Okta integration guide

Here are the steps to enable SAML SSO using Okta for Cloud Conformity

Home Help Cloud Conformity Okta integration guide

Okta SAML SSO Integration Set-up

Contact your account manager and SSO@cloudconformity.com for help on how to get started.

Integration Steps

01 Sign in to Okta as an admin and click on Admin button

02 Click on Add Applications and then select Create New App

03 Select SAML 2.0 option

04 Enter Cloud Conformity in App name field

05 Click next and enter the following information:

Single sign on URL https://www.cloudconformity.com/v1/proxy/sso/saml/consume
Requestable SSO URLs https://www.cloudconformity.com/v1/proxy/sso/saml/consume
Audience URI (SP Entity ID) https://www.cloudconformity.com
Name ID format
Email Address
Application username
Email
Click show advanced settings and enter:

ATTRIBUTE STATEMENTS (OPTIONAL)

Name	Name format	Value
firstName	Unspecified	user.firstName
lastName	Unspecified	user.lastName
email	Unspecified	user.email

06 To enable IdP-initiated sign-on, set Default RelayState to REGION_OF_SERVICE:YOUR_DOMAIN.com
e.g. us-west-2:example.com

07 In Configure SAML tab advanced settings upload this X.509 certificate in both Encryption Certificate and Signature Certificate fields.

08 Configure Role mapping

Users coming through Okta, can take any of the four supported roles in Cloud Conformity:

Admin: This role is the organisation administrator and has full access to everything in Cloud Conformity.
Power user: This role has full access to all accounts but no organisation-level access, e.g. cannot manage users or add accounts.
Read-only: Similar to power user but only with read-only access to all accounts.
Custom: Custom users have no access by default and can be granted fine-grained permissions after their first sign-on, by an organisation administrator.

To setup mapping from Okta Groups to Cloud Conformity Roles:

Add a group named CC_ADMIN (or use any group you prefer)
Assign users you would like to have admin access to Cloud Conformity to CC_ADMIN group
Repeat this process for Power user, Read-only and Custom roles as you see fit.
In Cloud Conformity application, add a Group Attribute Statement with:
Name: role
Filter: regex .*CC.*

If you have another group name for Cloud Conformity admins, make sure filter regex matches the group name.

09 In Feedback step, check I'm an Okta customer adding an internal app and It's required to contact vendor to enable SAML then finish setup.

10 In Sign On tab in the application that you have just created, click on Identity Provider Metadata to download IdP metadata XML file. You will need it to complete the setup later.

Once you have provided identity provider metadata, a member of our team will import it to Cloud Conformity as a trusted identity provider and can begin verifying the integration. Please contact your account manager and SSO@cloudconformity.com for additional help.

04

05

07

08

Whether you are still exploring the benefits of Amazon Web Services, or are running complex critical workloads, Cloud Conformity simplifies the challenging task of maintaining visibility of your infrastructure and ensuring compliance against best practices, along with identifying potential threats in real-time.

Start a free trial