Configure Single Sign-on with Okta
To configure Okta with Sekoia.io, complete the following steps:
- Create a new application in your Okta admin console
- Connect to Sekoia.io, add a new domain that belongs to your community, and wait for its validation.
- Configure OpenID Connect in Sekoia.io (see the associated documentation, Single Sign-On With OpenID Connect).
Create a new application in Okta
- Navigate to "admin console" > "Applications" > "Applications"
- Use the "Create App Integration" function to start the integration:
    - As "Sign-in method" choose "OIDC - OpenID Connect"
    - As "Application type" choose "Web Application"
- Once redirected to the "New Web App Integration", be sure to select:
    - Grant type: "Client acting on behalf of a user" > "Authorization Code"
    - Sign-in redirect URIs:
      https://app.sekoia.io/user/callback
- Under "Assignments" > "Controlled access", you can limit access to specific groups of users. During tests, you can use the option "Allow everyone in your organization to access".
Configure your Okta application for Sekoia.io
Once your app has been created:
- Save the "Client ID" & "Client secret" for later use.
- Save your Okta domain. You can find it by opening the user menu in the top right corner of the Okta interface, where it is listed under your email address. You will need to provide it in the Sekoia.io "Authentication provider base URL" field:
https://${yourOktaDomain}/
!!! note
    You can find more information in the Okta documentation: Composing your base URL. Be aware that your Okta domain is not the domain of the "Okta Admin Console".
You are ready to input your configuration to Sekoia.io.
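Before pasting the base URL, you can sanity-check it against the pitfall in the note above. The script below is an added example, not Sekoia.io or Okta code: it validates the base URL form and compares it with the provider's OpenID Connect discovery document (served at `/.well-known/openid-configuration`). The domain `example.okta.com`, the sample document, the function names, and the rule that an Admin Console host ends in `-admin` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of a discovery document for a placeholder Okta domain.
SAMPLE_DISCOVERY = {
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "response_types_supported": ["code"],
}

def normalize_base_url(raw: str) -> str:
    """Return the value for "Authentication provider base URL" or raise ValueError."""
    parts = urlsplit(raw.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        raise ValueError("expected an https:// URL with a host")
    if parts.netloc.lower() != host:
        raise ValueError("unexpected port or credentials in the URL")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("expected the bare Okta domain, without path or query")
    # Assumption: the Admin Console is served from "<org>-admin.<domain>".
    if host.split(".")[0].endswith("-admin"):
        raise ValueError("this looks like the Okta Admin Console domain")
    return f"https://{host}/"

def check_discovery(base_url: str, doc: dict) -> list:
    """Compare a discovery document with the base URL; return a list of problems."""
    base = normalize_base_url(base_url)
    host = urlsplit(base).hostname
    problems = []
    if doc.get("issuer", "").rstrip("/") != base.rstrip("/"):
        problems.append("issuer does not match the base URL")
    if "authorization_code" not in doc.get("grant_types_supported", []):
        problems.append("Authorization Code grant is not advertised")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_type=code is not advertised")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        endpoint = urlsplit(doc.get(key, ""))
        if endpoint.scheme != "https" or endpoint.hostname != host:
            problems.append(f"{key} is missing or not served over https by {host}")
    return problems

if __name__ == "__main__":
    base = normalize_base_url("https://example.okta.com")
    print(base, check_discovery(base, SAMPLE_DISCOVERY) or "OK")
```

To check a real tenant, load the JSON returned by the discovery endpoint of your own Okta domain and pass it as `doc`.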
Display Sekoia.io application icon to your Okta users
When your users log in to Okta, the Sekoia.io app can be displayed. This feature allows users to quickly connect to their apps.
- Navigate to "Okta admin dashboard" > "Applications" > "Applications": choose your application
- Under "General Settings" > "Edit" > "Login", select "Either Okta or App" as the login initiation method
- Under "Application visibility", choose: "Display application icon to users"
- Under "Login flow", choose: "Redirect to app to initiate login (OIDC Compliant)"
- In the "Initiate login URI", input your Sekoia.io SSO login URL (This URL is displayed in the Sekoia.io SSO configuration page at "Managed communities" > "Security" > "Configure single Sign-on (SSO)" > "Configure")
- Save your changes
- Visit the end user dashboard to validate that your changes are working as expected
Restrict access
Okta can be configured to restrict which users are allowed to access Sekoia.io.
To restrict access to a user or a group of users, follow these steps:
- In "Applications" > "Applications": select your application
- In "Assignments" > "Settings icon" > "Assign": you can select "Assign to People" or "Assign to Groups"
Readings
- Okta documentation: Build a Single Sign-On (SSO) integration