SSO Configuration - Okta
This guide will walk you through integrating Single Sign-On (SSO) using the Okta Identity Platform with InfoSum, allowing your users to securely access InfoSum with their Okta credentials. With this setup, user authentication will be managed by Okta, simplifying your access management process.
To complete the setup, you will:
- Register an OpenID Connect (OIDC) application in Okta.
- Retrieve key credentials (Client ID, Client Secret, and OIDC Discovery URI).
At the end of the guide, you’ll find troubleshooting tips to resolve common setup issues.
Note: Make sure you have administrative access to your Okta environment. If you're new to Okta, please refer to their OIDC application setup documentation.
Step-by-Step Guide
Step 1: Register a New OIDC Application in Okta
- Log in to the Okta Admin Console:
  - Go to your Okta admin subdomain (e.g., companyname-admin.okta.com).
- Navigate to Applications:
  - From the sidebar, go to Applications > Applications.
  - Click Create App Integration.
- Select the OIDC Integration Type:
  - In the Create a New App Integration wizard, choose:
    - Sign-in method: OIDC - OpenID Connect
    - Application type: Web Application
- Enter App Integration Details:
  - App name: Enter a name, such as “SSO for InfoSum”.
  - Sign-in Redirect URI: Enter the Redirect URI provided by InfoSum (e.g., https://accounts.infosum.com/authorization-code/callback/{customername-IDPType}). Okta compares redirect URIs exactly, so copy it character for character, including case and any trailing slash.
    - Example: https://accounts.infosum.com/authorization-code/callback/infosum-okta
  - Sign-out Redirect URIs: (Optional) Add a URL for post-logout redirection.
- Assign the Appropriate Grant Types:
  - Ensure Authorization Code and Refresh Token are checked. Leave Implicit (hybrid) unchecked; the Authorization Code flow used here does not need it.
  - Login initiated by: Select Either Okta or App so users can start sign-in from the Okta dashboard or from InfoSum.
- Save the App Integration:
  - Click Save to complete registration.
Step 2: Configure Okta Authentication Settings
- Assign Users or Groups:
  - In the app settings, go to Assignments > Assign.
  - Choose the users or groups who should have access to the application. Only assigned users can sign in to InfoSum through Okta, so prefer assigning a group you already manage over individual users.
- Set up OIDC Scopes:
  - Under General Settings, ensure the default scopes (openid, profile, email) are enabled; InfoSum uses these to identify the signed-in user.
  - If additional scopes are needed, add them under API Scopes.
Step 3: Retrieve Required Credentials
- Client ID:
  - Navigate to the General tab of your application settings and copy the Client ID.
- Client Secret:
  - Click Edit to generate a new Client Secret if needed. Store it securely (for example in a secrets manager) and treat it as a credential; if it is lost or exposed, generate a new one in Okta and send the replacement to InfoSum.
- OIDC Discovery URI:
  - For Okta's default authorization server, the OIDC discovery endpoint is structured as follows:
    - https://<your-okta-domain>/oauth2/default/.well-known/openid-configuration
  - Replace <your-okta-domain> with your Okta domain (e.g., yourcompany.okta.com). If your app integration uses a different custom authorization server, replace default with that server's ID; the URI you provide must point at the same authorization server the app uses.
Provide Information to InfoSum
After completing the above steps, share the following details with InfoSum:
- Client ID: The public identifier for your app.
- Client Secret: A confidential value used to authenticate your app. Send it over a secure channel (not in plain email or chat), and rotate it in Okta if it is ever exposed.
- OIDC Discovery URI: https://<your-okta-domain>/oauth2/default/.well-known/openid-configuration
Once InfoSum has finished setting up your SSO, you can test your login by following the direct login URL provided by InfoSum:
- Format: https://accounts.infosum.com/login/{customername-IDPType}
- Example: https://accounts.infosum.com/login/infosum-okta
Alternatively, you can use the "Sign in with Private SSO" option at the bottom of the InfoSum login screen, which will direct you to your Okta login portal after entering your email address.
Common Issues and Troubleshooting
- Invalid Client ID or Secret Error:
  - Ensure the Client ID and Client Secret are copied correctly, with no leading or trailing whitespace. Verify that the Client Secret hasn’t expired or been reset without updating InfoSum.
- Redirect URI Mismatch Error:
  - Confirm that the Redirect URI InfoSum sends matches one of the Sign-in redirect URIs registered in Okta exactly, paying attention to scheme, case sensitivity and any trailing slashes.
- Unauthorized Access Error:
  - Make sure that the users or groups attempting to log in have been assigned to the application.
  - Review your Okta sign-on and authentication policies to ensure there are no restrictions blocking access.
- Token Expiration or Invalid Token Errors:
  - Verify that the Refresh Token grant type is enabled.
  - Ensure that clocks are synchronized across systems (for example via NTP) to avoid token validation issues.
- OIDC Discovery URI Not Found:
  - Confirm your Okta domain and ensure the application was registered under the correct tenant.
  - Verify that the authorization server being used matches the one referenced in the discovery URI (the default server's URI contains /oauth2/default).
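The script below is an added example, not InfoSum's or Okta's own code. It turns the discovery-URI check from Step 3 and the "Redirect URI Mismatch" and "Discovery URI Not Found" items above into something you can run before contacting support. It validates a discovery document (the sample embedded here is constructed to mirror the fields Okta's default authorization server publishes, with a placeholder domain; `fetch_discovery` retrieves a live one when you have network access) and explains why a redirect URI fails Okta's exact-match comparison.

```python
"""Pre-flight checks for an Okta OIDC integration (added example, not vendor code)."""
import json
import urllib.request
from urllib.parse import urlparse

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"

# Constructed sample of the fields Okta's default authorization server publishes.
# The domain is a placeholder; a real document contains many more fields.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://yourcompany.okta.com/oauth2/default",
    "authorization_endpoint": "https://yourcompany.okta.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://yourcompany.okta.com/oauth2/default/v1/token",
    "jwks_uri": "https://yourcompany.okta.com/oauth2/default/v1/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
REQUIRED_GRANTS = {"authorization_code", "refresh_token"}  # grant types the guide enables
REQUIRED_SCOPES = {"openid", "profile", "email"}           # scopes the guide relies on


def fetch_discovery(discovery_uri, timeout=10):
    """Fetch a live discovery document (needs network; the checks below run offline)."""
    with urllib.request.urlopen(discovery_uri, timeout=timeout) as resp:
        return json.load(resp)


def check_discovery(doc, discovery_uri):
    """Return a list of problems found in an OIDC discovery document; empty means OK."""
    problems = []
    if discovery_uri.endswith(DISCOVERY_SUFFIX):
        expected_issuer = discovery_uri[: -len(DISCOVERY_SUFFIX)]
    else:
        problems.append("discovery URI does not end with " + DISCOVERY_SUFFIX)
        expected_issuer = discovery_uri
    # OIDC Discovery requires issuer == discovery URI minus the well-known suffix.
    # A mismatch usually means the wrong domain or the wrong authorization server.
    issuer = doc.get("issuer", "")
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} != {expected_issuer!r}: "
                        "wrong domain or authorization server")
    for key in REQUIRED_ENDPOINTS:
        if key not in doc:
            problems.append(f"missing {key}")
        elif urlparse(doc[key]).scheme != "https":
            problems.append(f"{key} is not served over https")
    missing = REQUIRED_GRANTS - set(doc.get("grant_types_supported", []))
    if missing:
        problems.append(f"grant types not supported: {sorted(missing)}")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append(f"scopes not supported: {sorted(missing)}")
    return problems


def redirect_uri_mismatch(sent, registered):
    """Explain why the redirect URI a client sends will not match the one registered
    in Okta. The comparison is exact (scheme, host, path case, trailing slash all
    count). Returns None when the two match."""
    if sent == registered:
        return None
    if sent.rstrip("/") == registered.rstrip("/"):
        return "trailing slash differs"
    if sent.lower() == registered.lower():
        return "case differs (path is case-sensitive)"
    s, r = urlparse(sent), urlparse(registered)
    if s.scheme != r.scheme:
        return f"scheme differs: {s.scheme} vs {r.scheme}"
    if s.netloc != r.netloc:
        return f"host differs: {s.netloc} vs {r.netloc}"
    return "path or query differs"


if __name__ == "__main__":
    uri = "https://yourcompany.okta.com/oauth2/default" + DISCOVERY_SUFFIX
    doc = json.loads(SAMPLE_DISCOVERY)  # replace with fetch_discovery(uri) for a live check
    for line in check_discovery(doc, uri) or ["discovery document OK"]:
        print(line)
    print(redirect_uri_mismatch(
        "https://accounts.infosum.com/authorization-code/callback/infosum-okta/",
        "https://accounts.infosum.com/authorization-code/callback/infosum-okta"))
```

Run it with the discovery URI you intend to give InfoSum; an `issuer` mismatch against a document fetched from that URI is the quickest way to spot that the app was registered against a different authorization server than the one the URI names.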
Conclusion
By following this guide, you will successfully configure SSO with Okta. Once the integration is complete, your users will be able to log in to InfoSum using their Okta credentials, enhancing security and improving user experience.
If you encounter any issues during setup, please reach out to our support team at support@infosum.com.