October CMS Single Sign-On ( SSO ) plugin gives the ability to enable SAML Single Sign-On (SSO) for your October CMS sites. Our October CMS SSO plugin is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure SAML SSO between October CMS site and your Identity Provider.
To integrate your Identity Provider(IDP) with October CMS, you need the following items:
October CMS should be installed and configured.
Download any Front-end user management plugins - RainLab/Buddies.
Download and Installation
Login to your October CMS site’s backend: https://example.com/backend.
From the admin dashboard, go to Settings from the main navigation bar and select Updates & Plugins.
Click on Install plugins and in the search bar type “SAML SSO”.
Click on the SAML SP Single Sign-On - SSO search result and the plugin will start installing.
Step 1: Setup Okta as Identity Provider
Follow the steps below to configure Okta as an Identity Provider
Configuring Okta as IdP
Log into Okta Admin Console. For developer account, switch to Classic UI to configure app.
Go to the Application from the left menu and then click on Add Application.
Click on Create New App.
Select SAML 2.0 as Sign on method.
Click on Create.
In General Settings, enter App Name and click on Next.
In SAML Settings, enter the following:
Single Sign On URL
Enter ACS (AssertionConsumerService) URL from the Service Provider info tab of the module.
Audience URI (SP Entity ID)
Enter SP Entity ID / Issuer from the Service Provider info tab of the module.
Default Relay State
Enter Relay State from the Service Provider info tab of the module.
Name ID Format
Select E-Mail Address as a Name Id from dropdown list.
Configure Attribute Statements and Group Attribute Statement (Optional).
For Name, enter "firstName" and select user.firstName from the value dropdown.
For Name, enter "lastName" and select user.lastName from the value dropdown.
For Name, enter "Email" and select user.email from the value dropdown.
For Name, enter "groups" and select Matches regex from the Filter dropdown and enter ".*"
After creating and configuring the app go to the Assignment Tab in Okta.
Here we select the peoples and groups you want to give access to log in through this app. Assign this to the people/group you would to give access to.
After assigning the people/groups to your app, go to Sign On tab.
Click on View Setup Instructions to get the SAML Login URL (Single Sign on URL), Single Logout URL, IDP Entity ID and X.509 Certificate. You will need this to configure the Service Provider.
If you dont hear from us within 24 hours, please feel free to send a follow up email to firstname.lastname@example.org
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.