Configuring Your Okta SSO Provider

From TeamServer ER/Studio

Use the following steps to configure your Okta authentication process:

  1. Create an account at https://www.okta.com/.
  2. Once in the Okta application, expand the Applications menu, and then click Applications as shown in the following image.
    ERTS 193 Okta Applications.png
  3. Click Create App Integration to begin the process of registering the new application.
  4. In the Create a new app integration window, select OIDC - OpenID Connect for the sign-in method, and then select Web Application as the application type.
    ERTS 193 Okta App Integration.png
  5. Click Next. The New Web App Integration page appears, as shown in the following image. Note: Also select the "Client Credentials" grant type.
    ERTS 193 Okta New Web App Integration.png
  6. Complete the appropriate fields in the New Web App Integration page. If at any time you need Okta help, click the adjacent Learn More link. Fields of note include:
    • Refresh Token. A refresh token allows you to obtain multiple temporary access tokens without collecting credentials each time a token expires.
    • Sign-in redirect URIs. The sign-in redirect URL must use the following format: http://desktop-I5i6j1s/azureSSO/login/oauth2/code/okta or http://desktop-I5i6j1s:8443/azureSSO/login/oauth2/code/okta, where desktop-I5i6j1s and desktop-I5i6j1s:8443 are replaced by the actual domain and port configured for Team Server. If the redirect URL is not properly configured, the application displays an Okta 404 error. You can find the redirect URL used by the application in the browser's URL string. Copy that string and use it in your application to avoid mistyped characters.
    • Sign-out redirect URIs. Optional. A sign-out redirect is needed when the SSO provider must redirect the user to a specific page after the user logs out. The URL must use the following format: http://desktop-I5i6j1s:80/login or http://desktop-I5i6j1s:8443/login, where desktop-I5i6j1s:80 and desktop-I5i6j1s:8443 are replaced by the actual domain and port configured for Team Server. If the redirect URL is not properly configured, the application displays an Okta 404 error. You can find the redirect URL used by the application in the browser's URL string. Copy that string and use it in your application to avoid mistyped characters.
    • Controlled access. Select one of the available options depending on how you want the application integration available to users in your environment. Options include allowing all users, select users, and skip assignment until later.
  7. Once you complete all of the necessary fields, click Save. The application is now registered on Okta.
  8. Copy the displayed client ID and client secret for later use, when you must type them into the Configuration in SSO Details page.
  9. In the menu on the left, expand the Security menu, and then click API as shown in the following image.
    ERTS 193 Okta API.png
  10. Copy the Issuer URI detail between https:// and /oauth2/default to use as the domain for the Okta application. For example, if the Issuer URI is https://dev-1234567.okta.com/oauth2/default, then the detail for your domain is dev-1234567.okta.com.
  11. Add a scope named "ApplicationTest" to the API.

Application registration is complete for Okta. You can now use the Domain Id, Client Secret, and Tenant Id copied from previous screens, and add them to the SSO Config page in Team Server Configurator. Once you apply that information, click the Test button. If all of the details are correct, the Update button is enabled. When you click that button, the information is encrypted and saved in a property file, and then Team Server restarts. Once the restart is complete, the Login by SSO button is enabled on the Login page.
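
As an added example (not part of the ER/Studio documentation or tooling), the following Python script pre-checks the values from steps 6 and 10 before you type them in: it derives the Okta domain from the Issuer URI and compares a registered redirect URI with the formats given above. It assumes Okta compares redirect URIs as exact strings; the function names are hypothetical and the sample values are constructed.

```python
from urllib.parse import urlsplit

# Path formats taken from the steps on this page.
SIGN_IN_PATH = "/azureSSO/login/oauth2/code/okta"
SIGN_OUT_PATH = "/login"
ISSUER_SUFFIX = "/oauth2/default"


def okta_domain(issuer_uri):
    """Step 10: the host between https:// and /oauth2/default."""
    parts = urlsplit(issuer_uri.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"Issuer URI must be an https URL: {issuer_uri!r}")
    if parts.path.rstrip("/") != ISSUER_SUFFIX:
        raise ValueError(f"Issuer URI does not end in {ISSUER_SUFFIX}: {issuer_uri!r}")
    return parts.hostname


def expected_uris(base_url):
    """Sign-in and sign-out redirect URIs for a Team Server base URL."""
    base = base_url.strip().rstrip("/")
    return {"sign_in": base + SIGN_IN_PATH, "sign_out": base + SIGN_OUT_PATH}


def check_redirect(registered, base_url, kind="sign_in"):
    """Return findings for one registered URI; an empty list means it matches."""
    want = expected_uris(base_url)[kind]
    findings = []
    if registered != want:
        if registered.strip() == want:
            findings.append("leading or trailing whitespace")
        elif registered.rstrip("/") == want:
            findings.append("trailing slash")
        elif registered.lower() == want.lower():
            findings.append("letter case differs")
        else:
            findings.append(f"expected {want}")
    # Assumption of this example: a non-TLS redirect is worth flagging for review.
    if urlsplit(registered.strip()).scheme != "https":
        findings.append("plain http: the redirect is sent without TLS")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the host name is the placeholder used on this page.
    print(okta_domain("https://dev-1234567.okta.com/oauth2/default"))
    base = "http://desktop-I5i6j1s:8443"
    for uri in (base + SIGN_IN_PATH, base + SIGN_IN_PATH + "/"):
        print(uri, "->", check_redirect(uri, base))
```

An empty findings list means the registered URI matches the expected format and uses HTTPS; any finding names the difference to correct in the Okta application settings.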

Creating a New User Account in Okta

Use the following steps to create a new user account in Okta.

  1. Once in the Okta application, expand the Directory menu, and then select People.
  2. Click Add person, as shown in the following image.
    ERTS 193 Okta Users.png
  3. Complete the appropriate fields to create a new user account, and then click Save. If you are creating multiple users, use Save and Add Another as a shortcut to creating the next user account.
