Using Single Sign On to create team member accounts

Last modified: June 1st, 2023

Enforce Single Sign On for your team members and increase security by using CloudCannon with SAML.

CloudCannon is set up as a Service Provider (SP) to allow Single Sign On (SSO) for your Organization. To use this feature, you need to be on our enterprise plan and already have your own Identity Provider (IdP).

Configuring SAML#

SAML can be a tricky thing to configure with only one end of debugging. If you would prefer manual assistance with setting up, please contact support.

To configure SAML with your IdP you will need the following details:

  • SAML 2.0 Endpoint (HTTP)
  • Issuer
  • X.509 Certificate

The issuer is configurable to allow multiple organizations from the same IdP. It must start with cloudcannon.com/. Leaving this blank will configure it as cloudcannon.com.

To add these details:

  1. Go to Organization Settings / SAML
  2. Fill in all of the fields available and submit the form
Screenshot of SAML interface

Once configured, you will get a screen defining any information you will need. If you require more information than displayed, please contact support.

Okta Setup#

Okta is a popular Identity Provider. To use Okta SAML with CloudCannon follow these instructions:

Create app#

Create a new SAML 2.0 application on Okta for CloudCannon.

Screenshot of Okta SAML setup interface

Configure Okta#

Go to CloudCannon and open Organization Settings / SAML. Copy your Issuer and Consume URL. If you do not have a SAML option in your menu contact support to get this enabled.

Screenshot of SAML update interface

Enter the Issuer and Consume URL information into Okta.

Screenshot of OKTA SAML update page

And confirm you’re using CloudCannon as an internal application.

Screenshot of Okta SAML confirm screen

CloudCannon Configure#

View the setup instructions for your newly created application on Okta.

Screenshot of Okta SAML configuration interface

Copy the Identity Provider Single Sign-On URL and X.509 Certificate.

Screenshot of Okta SAML Identity details

Enter the Identity Provider Single Sign-On URL and X.509 Certificate information into CloudCannon.

Screenshot of SAML interface with details updated

Open in a new tab