Okta configuration as IdP for OpenID
Okta is an Identity Provider (IdP) used by service providers. The setup and configuration are straightforward. An Okta account should be created first. Only the account owner or an administrator in a Document360 project can access and configure the SSO setup.
- Sign up for Okta at https://developer.okta.com/signup/ (the Okta developer console)
- After sign-up, you will receive an email with your login credentials and an account activation link at the email address provided during sign-up
- Click on the activation link and you will be redirected to your Okta Domain login page
- Log in with your credentials
- After a successful login, the dashboard is displayed on the Okta developer console domain.
Adding an application
To configure an application to Okta, the user must create a new application.
- The default dashboard is the ‘Developer console’. It has to be changed to ‘Classic UI’
- In the top left corner of the page, you will find a drop-down to toggle between the dashboards
- To create a new application, go to the Applications menu and click on Applications in the drop-down.
- Now click on the Add application button on the window
- On the Add Application page click on the Create New App button
- In the overlay Create a New Application Integration window select the platform as Web from the drop-down
- Now in the Sign on method select OpenID Connect and click on the Create button
- In the Name field, type in a name to identify your application
- Next, in the Base URI field, add the designated URI of your application; this field is optional
- Now go to your Document360's SSO page
- Copy the Login redirect URI and the Logout redirect URI from the application’s SSO integration page
- Paste the copied URIs to the respective fields on the Okta Application settings page
- Usually, the service provider hosts a route to which Okta (the IdP) passes information when a user logs in. This is referred to as the callback route or redirect URI
- Group assignment is a collective and easier way of assigning who can access what application. This field is also optional
- Once all the required fields are provided click on the Done button
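A quick way to confirm the redirect URI steps above took effect, as an added example that is not part of the original page or of Document360's or Okta's own code: the script compares the login and logout redirect URIs registered on the Okta application with the ones the service provider expects. It assumes the application settings have been exported as JSON in the shape Okta's Apps API returns for an OpenID Connect app (settings.oauthClient.redirect_uris and post_logout_redirect_uris); the hostnames, paths and the check_redirect_uris helper are constructed for illustration.

```python
# Added example: field names follow Okta's Apps API; every value is constructed.
SAMPLE_OKTA_APP = {
    "label": "Document360 SSO",
    "settings": {
        "oauthClient": {
            # Trailing slash differs from the URI the service provider expects
            "redirect_uris": ["https://sp.example.com/login-callback/"],
            # Scheme differs (http instead of https)
            "post_logout_redirect_uris": ["http://sp.example.com/logout-callback"],
        }
    },
}

# Placeholders standing in for the URIs copied from the Document360 SSO page
EXPECTED = {
    "redirect_uris": "https://sp.example.com/login-callback",
    "post_logout_redirect_uris": "https://sp.example.com/logout-callback",
}


def check_redirect_uris(app, expected):
    """Return a list of findings; an empty list means Okta matches the SP."""
    client = app.get("settings", {}).get("oauthClient", {})
    findings = []
    for field, want in expected.items():
        configured = client.get(field) or []
        if want not in configured:
            # OIDC compares redirect URIs as exact strings, so a trailing
            # slash or case difference is a mismatch; surface it as a hint.
            near = [u for u in configured
                    if u.rstrip("/").lower() == want.rstrip("/").lower()]
            hint = f" (near miss: {near[0]})" if near else ""
            findings.append(f"{field}: expected URI not registered{hint}")
        for uri in configured:
            if not uri.lower().startswith("https://"):
                findings.append(f"{field}: non-HTTPS URI {uri}")
            if "*" in uri:
                findings.append(f"{field}: wildcard in URI {uri}")
    return findings


if __name__ == "__main__":
    for finding in check_redirect_uris(SAMPLE_OKTA_APP, EXPECTED):
        print(finding)
```

An empty result means both URIs were pasted exactly as copied; any finding points at the field to correct on the Okta Application settings page.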