Okta configuration as IdP for OpenID
Okta is an Identity Provider (IdP) used by service providers. The setup and configuration are straightforward. An account must first be created with Okta. Only the account owner or an administrator in a Document360 project can access and configure the SSO setup.
- Sign up for Okta at https://developer.okta.com/signup/ (the Okta developer console)
- After signing up, you will receive an email, at the address provided during sign-up, with your login credentials and an account activation link
- Click on the activation link and you will be redirected to your Okta domain login page
- Log in with your credentials
- On successful login, the dashboard is displayed on the Okta developer console domain.
Adding an application
To configure an application in Okta, the user must create a new application.
- The default dashboard is the ‘Developer console’. It has to be changed to ‘Classic UI’
- In the top left corner of the page, you will find a drop-down to toggle between the dashboards
- To create a new application, go to the Applications menu and click on Applications in the drop-down.
- Now click on the Add application button in the window
- On the Add Application page, click on the Create New App button
- In the Create a New Application Integration overlay window, select Web as the platform from the drop-down
- Now, for the Sign on method, select OpenID Connect and click on the Create button
- In the Name field, type in a name to identify your application
- Next, in the Base URI field, add the designated URI of your application; this field is optional
- Now go to the Enterprise SSO page in Document360
- Copy the Login redirect URI and the Logout redirect URI from the application’s SSO integration page
- Paste the copied URIs into the respective fields on the Okta Application settings page
- Usually the service provider hosts a route to which Okta (the IdP) passes information when a user logs in. This is referred to as the Callback route or Redirect URI
- Group assignment is a collective, easier way of assigning who can access which application. This field is also optional
- Once all the required fields are filled in, click on the Done button
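The redirect URIs pasted in the steps above are compared against what the service provider sends at login, so a stray space, a trailing slash or a non-HTTPS scheme breaks or weakens the integration. The pre-flight check below is an added example, not code from the original article, Okta or Document360; the sp.example.com URIs are constructed placeholders and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample values; the real URIs come from the Document360 Enterprise SSO page.
REGISTERED = {
    "login": "https://sp.example.com/signin-oidc",
    "logout": "https://sp.example.com/signout-callback-oidc",
}

LOOPBACK = ("localhost", "127.0.0.1")


def lint_redirect_uri(uri):
    """Return the problems that make a URI unsafe or unusable as an OIDC redirect URI."""
    problems = []
    if uri != uri.strip():
        problems.append("leading or trailing whitespace (copy/paste residue)")
    parts = urlsplit(uri.strip())
    if not parts.scheme or not parts.netloc:
        problems.append("not an absolute URI")
    # Plain http exposes the authorization code in transit; allow it only for loopback testing.
    if parts.scheme != "https" and (parts.hostname or "") not in LOOPBACK:
        problems.append("not https")
    # RFC 6749 section 3.1.2: the redirection endpoint URI must not include a fragment.
    if parts.fragment:
        problems.append("contains a fragment")
    if "*" in uri:
        problems.append("contains a wildcard")
    if parts.username or parts.password:
        problems.append("contains userinfo")
    return problems


def redirect_allowed(requested, registered):
    """Exact string comparison, as OpenID Connect Core requires for redirect_uri."""
    return requested in registered.values()


def preflight(registered):
    """Lint every registered URI; an empty dict means nothing was flagged."""
    report = {name: lint_redirect_uri(uri) for name, uri in registered.items()}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    print(preflight(REGISTERED))
    # A trailing slash is a different string, so the login request would be rejected.
    print(redirect_allowed("https://sp.example.com/signin-oidc/", REGISTERED))
```

Run it against the two URIs copied from the SSO page before pasting them into the Okta application settings.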