Okta is an identity provider (IdP) used by service providers. The setup and configuration are straightforward. An account must first be created with Okta. Only the account owner or an administrator of a Document360 project can access and configure the SSO setup.


Okta Signup

  1. Sign up for the Okta developer console at https://developer.okta.com/signup/

  2. After signup, you will receive an email containing your login credentials and an account activation link at the email address provided during signup

  3. Click on the activation link, and you will be redirected to your Okta Domain login page

  4. Log in with your credentials

  5. After a successful login, the dashboard is displayed on the Okta developer console domain.


Adding an application

To configure an application in Okta, you must first create a new application.

  1. The default dashboard is the ‘Developer console’. It has to be changed to ‘Classic UI’.
  2. In the top left corner of the page, you will find a drop-down to toggle between the dashboards


  1. To create a new application, go to the Applications menu and click on Applications in the drop-down.
  2. Now click on the Add Application button in the window
  3. On the Add Application page, click on the Create New App button


  1. In the "Create a New Application Integration" overlay window, select Web as the platform from the drop-down
  2. Now, for the Sign on method, select OpenID Connect and click on the Create button


Application settings


  1. In the Name field, type in a name to identify your application
  2. Next, in the Base URI field, add the designated URI of your application; this field is optional
  3. Now go to your Document360 SSO page
  4. Copy the Login redirect URI and the Logout redirect URI from the application’s SSO integration page
  5. Paste the copied URIs to the respective fields on the Okta Application settings page
  6. Usually, the service provider hosts a route to which Okta (the IdP) passes information when a user logs in. This is referred to as the Callback route or Redirect URI
  7. Group assignment is a collective, easier way of assigning who can access which application. This field is also optional
  8. Once all the required fields are provided, click on Done

Okta to Document360 configuration

Note

Ensure you have both the Document360 Enterprise SSO settings window and the Okta console window open in your browser. This makes it easier to go back and forth between the two windows while adding the parameters.

Once the Callback route or Redirect URI has been updated, the same process must also be done on the application side.

  1. The Applications page on the Okta developer console displays all the active applications
  2. Click on the application you want to establish a trust relationship with
  3. Now, from the application dashboard, go to the General tab
  4. Scroll down to the bottom of the page to find the Client Credentials section, with the Client ID (public identifier) and Client secret (the authorization code)
  5. Click on the clipboard icon to copy the code
  6. Go to the application’s SSO integration page and paste the Client ID and the Client Secret (authorization code) into the respective fields
  7. Now, to get the value for the Authority field on the Document360 SSO integration page, go to the Okta dashboard
  8. Switch from the Classic UI to the Developer console in the top left corner
  9. On the Developer console page, click on API in the menu and select Authorization Servers


  1. Copy the Issuer URI provided and paste it in the Authority field of the Document360 OpenID integration page
  2. In the Mail Domains field, enter the email domains you would like to authorize (for instance, yourcompany.com). You can add multiple domains to this field.

If you have already configured a domain in a different project, you can reuse the same configuration in your new projects.

Once all fields are filled in, click on the Save button at the top right. A success message is displayed in the top right corner, indicating that the settings have been configured.
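
A check of the values copied between the Okta console and the Document360 SSO page, as an added example (not Document360 or Okta code): it confirms that the Authority is an https issuer identical to the issuer in the provider's OpenID Connect discovery metadata, and that each redirect URI shown by the application is registered at the IdP character for character. The function names are hypothetical, and the hostnames, paths and metadata are constructed placeholders standing in for your own tenant's values.

```python
from urllib.parse import urlsplit

def discovery_url(authority):
    """Where an OIDC client looks up provider metadata for this issuer."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"

def check_sso_values(authority, metadata, sp_redirect_uris, idp_redirect_uris):
    """Return a list of problems in the values copied between the two consoles."""
    problems = []
    parts = urlsplit(authority)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("authority is not an https URL")
    if parts.query or parts.fragment:
        problems.append("authority has a query or fragment")
    # OIDC Discovery: the issuer in the metadata must be identical to the
    # issuer the client was configured with, so compare as plain strings.
    if metadata.get("issuer") != authority:
        problems.append("metadata issuer differs from authority")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(metadata.get(key) or "")).scheme != "https":
            problems.append(key + " missing or not https")
    # OIDC Core: redirect URIs are matched by simple string comparison,
    # so a trailing slash or a case difference is a mismatch.
    for uri in sp_redirect_uris:
        if uri not in idp_redirect_uris:
            problems.append("not registered at IdP: " + uri)
    return problems

# Constructed sample values (example.com placeholders, not real tenants).
AUTHORITY = "https://idp.example.com/oauth2/default"
METADATA = {  # shape of a /.well-known/openid-configuration response
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/v1/token",
    "jwks_uri": "https://idp.example.com/oauth2/default/v1/keys",
}
# URIs shown on the application's SSO page vs. URIs pasted into the IdP.
SP_URIS = ["https://sp.example.com/signin-oidc",
           "https://sp.example.com/signout-callback-oidc"]
IDP_URIS = ["https://sp.example.com/signin-oidc",
            "https://sp.example.com/signout-callback-oidc/"]  # stray slash

if __name__ == "__main__":
    print(discovery_url(AUTHORITY))
    for problem in check_sso_values(AUTHORITY + "/", METADATA, SP_URIS, IDP_URIS):
        print("PROBLEM:", problem)
```

In practice the metadata dictionary would be the JSON fetched from the discovery URL of the Issuer URI copied from the Authorization Servers page.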