Setting Up Integration with Okta Using SAML

Note: The IDP version 1.2-71 is required for integration with Okta.

Step 1. Choose a Brand

  1. Enable the Identity Service.
  2. Select an existing brand for which you plan to set up the integration, for example, "mybrand.com".

Step 2. Create a SAML Application in Okta

  1. Log in to the Okta admin panel.
  2. Go to Applications, click Create App Integration and select SAML 2.0.
  3. On the General Settings step, specify the application name as "oss-brand-<brand domain>".
  4. On the Configure SAML step, enter the following values:

    Parameter | Value
    --- | ---
    Single sign on URL | https://<brand_domain>/auth/realms/sr<brand_id>/broker/saml/endpoint
    Use this for Recipient URL and Destination URL | Select this checkbox
    Audience URI (SP Entity ID) | https://<brand_domain>/auth/realms/sr<brand_id>
    Name ID format | EmailAddress
    Application username | Okta username


    Where: <brand_id> is the brand identifier in CloudBlue Commerce.

  5. Under Attribute Statement, define a custom attribute, for example, cbcLogin with the user.login value. For additional information, refer to How to define and configure a custom SAML attribute statement.
  6. On the next step, mark this app as internal and click Finish.
  7. Click View Setup Instructions to display basic configuration parameters, which you will use later:
    • Identity Provider Single Sign-On URL
    • X.509 Certificate
  8. In the Applications > Assignments tab, assign People or Groups to this application.

Step 3. Configure External IDP Service

  1. Log in to the PCP, then go to Services > Identity Service.
  2. In the External IDP Service tab, select a brand.
  3. Check the External IDP service enabled checkbox and specify these parameters:

    Parameter | Example | Notes
    --- | --- | ---
    External IDP Login URL | https://ya-cbc.okta.com/app/ya-cbc_cloudbluecommerce_1/exk4kq59vMPxORuFq695/sso/saml | The Identity Provider Single Sign-On URL value from Step 2
    External IDP Logout URL | https://ya-cbc.okta.com/app/ya-cbc_cloudbluecommerce_1/exk4kq59vMPxORuFq695/sso/saml | The Identity Provider Single Sign-On URL value from Step 2
    External IDP display name | Okta | A human-readable name
    External IDP certificate in PEM format | -----BEGIN CERTIFICATE----- <...> -----END CERTIFICATE----- | The X.509 Certificate value from Step 2
    External IDP username SAML assertion attribute | cbcLogin | The custom attribute value from Step 2

Step 4. Create a User

Now you can create a user in CloudBlue Commerce. The user's login name must be equal to the value of the SAML assertion attribute set for External IDP username SAML assertion attribute at the previous step.

Important: Users are not created automatically; they must be created beforehand in CloudBlue Commerce.
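When a test login fails, the usual cause is a mismatch between the assertion Okta sends and the values entered in Steps 2 to 4. The following added example (not CloudBlue or Okta code) checks a decoded assertion against those values. The function name, the brand_id "1", and the sample user are assumptions made for illustration, and the script does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample assertion (brand_id 1 and the user are made up; no signature).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.com</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="https://mybrand.com/auth/realms/sr1/broker/saml/endpoint"/>
  </saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://mybrand.com/auth/realms/sr1</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="cbcLogin"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, brand_domain, brand_id, attr_name, cbc_login):
    """Return the mismatches between a decoded assertion and the Step 2-4 settings."""
    realm = f"https://{brand_domain}/auth/realms/sr{brand_id}"   # Audience URI (Step 2)
    acs = f"{realm}/broker/saml/endpoint"                        # Single sign on URL (Step 2)
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if realm not in audiences:
        problems.append(f"Audience {audiences} does not include {realm}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs not in recipients:
        problems.append(f"Recipient {recipients} does not include {acs}")
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is missing or its Format is not EmailAddress")
    # The attribute from Step 3 must carry exactly the CloudBlue Commerce login (Step 4).
    values = [(v.text or "").strip() for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == attr_name
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not values:
        problems.append(f"attribute {attr_name} is not in the assertion")
    elif cbc_login not in values:
        problems.append(f"{attr_name}={values} does not equal login {cbc_login!r}")
    return problems

if __name__ == "__main__":
    for issue in check_assertion(SAMPLE, "mybrand.com", "1", "cbcLogin", "jdoe@example.com"):
        print("MISMATCH:", issue)
```

Run it only on assertions captured from your own test logins, and treat the captured XML as sensitive because it contains user identifiers.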
