Okta

How to Configure SAML 2.0 for CloudBees


Read this before you enable SAML

Enabling SAML affects all users of this application: users will not be able to sign in through their regular login page. They will only be able to access the app through the Okta service.

Backup URL

CloudBees does not provide a backup login URL where users can sign in using their normal username and password. If necessary, you can email CloudBees support (support@cloudbees.com) to turn off SAML.


Supported Features

The Okta/CloudBees SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Sign in to CloudBees as an admin at https://grandcentral.cloudbees.com/login.

  2. Navigate to Org > SAML SSO, then click New Service:

    cloudbees_new1.png

  3. Follow these steps:

    • In the Set up SSO with SAML 2.0 IdP (Identity Provider) for your organization section, make a copy of your Organization Name marked in red in the screenshot below.

    • Login URL: Copy and paste the following:

      Sign in to the Okta Admin dashboard to generate this value.

    • Provision user (optional): Check this checkbox to enable Just In Time Provisioning.

    • X.509 Certificate: Copy and paste the following:

      Sign in to the Okta Admin app to have this variable generated for you.

    • Email domains: Specify a comma-separated list of domains for which the SAML login process should be triggered.

    • Click Create:

    cloudbees_new2.png

  4. If all goes well you will see a Verify button showing the validation key in the following format:

    cloudbees-domain-verification:0123456789abcdef0123456789abcdef01234567

    This key must be added as a DNS TXT record.

    cloudbees_new3.png

  5. After the DNS TXT record with the above-mentioned key has been added, click Verify. This validates the domain ownership.

    Note: There may be a delay of up to 24 hours between your record being created and it validating with CloudBees.

  6. Once domain ownership has been validated, you are all set to use the SAML login process, and your SAML configuration should show the Certificate Fingerprint instead of the actual X.509 certificate.

    cloudbees_new4.png

  7. In Okta, select the Sign On tab for the CloudBees SAML app, then click Edit:

    • Enter the Organization Name you copied in step 3 into the corresponding field.

    • Click Save:

    cloudbees_new5.png

  8. Done!
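Before clicking Verify in step 5, you can confirm that the TXT record from step 4 is actually visible in DNS. The following is an added example, not part of the original Okta or CloudBees documentation: it classifies the output of `dig +short TXT <domain>` against the key CloudBees displayed. The function names, status strings and sample output are assumptions made for illustration, and the key pattern (prefix plus 40 lowercase hex characters) is taken from the format shown in step 4.

```python
import re

# Key format as shown in step 4: fixed prefix plus 40 hex characters.
PREFIX = "cloudbees-domain-verification:"
KEY_RE = re.compile(r"cloudbees-domain-verification:[0-9a-f]{40}")


def parse_txt(dig_short_output):
    """Return the TXT record values from `dig +short TXT <domain>` output.

    Each output line is one record; a record may be split into several
    quoted strings, which are concatenated without a separator.
    """
    records = []
    for line in dig_short_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        records.append("".join(chunks) if chunks else line)
    return records


def check_verification(dig_short_output, expected_key):
    """Classify the published TXT records against the key from step 4."""
    expected_key = expected_key.strip()
    if not KEY_RE.fullmatch(expected_key):
        return "bad-key"    # does not match the format shown in step 4
    records = parse_txt(dig_short_output)
    if expected_key in records:
        return "ready"      # exact record is visible; click Verify
    if any(r.strip().startswith(PREFIX) for r in records):
        return "mismatch"   # a verification record exists with another value
    return "missing"        # not published yet, or not propagated


# Constructed sample output of `dig +short TXT example.com` (not real data).
SAMPLE = '''"v=spf1 include:_spf.example.com ~all"
"cloudbees-domain-verification:" "0123456789abcdef0123456789abcdef01234567"
'''
KEY = "cloudbees-domain-verification:0123456789abcdef0123456789abcdef01234567"

if __name__ == "__main__":
    print(check_verification(SAMPLE, KEY))
```

A "mismatch" result usually means a record from an earlier setup attempt, or one saved with stray whitespace, is still published; replace it with the exact key before retrying Verify.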

Notes

The following SAML attributes are supported:

SP-initiated SSO

  1. Go to: https://grandcentral.cloudbees.com/login

  2. Enter your email, then click Log in:

    cloudbees_new6.png