Self Hosted
Okta (Custom App - OnPrem)
Internal OIDC supports Service Provider (SP)-Initiated Authentication and Identity Provider (IdP)-Initiated Authentication (SSO) flows.
When using the Okta OpenID integration, the Okta user's email address must match the Internal user's email address.
In Okta's Admin Portal:
- Log in to the Okta Integration Network
- Select 'Create New App'
- Choose 'Web' for 'Platform' and 'OpenID Connect' for 'Sign on method'
- Select 'Create'
- Enter 'Internal OpenID Connect - OnPrem' for 'Application Name'
- Enter https://{domain}/api/sso/{externalKey}/auth/ as a 'Login redirect URI'.
- Select 'Save'
- On the 'General' tab, select 'Edit' next to 'General Settings'
- Under 'Allowed Grant Types', ensure that 'Authorization Code' and 'Implicit (Hybrid)' are selected.
- Ensure that 'Login Initiated By' is set to 'Either Okta or App'.
- Enter https://{domain}/api/sso/{externalKey}/login/ as the 'Initiate Login URI'.
- Select 'Save'
- Find the Client ID, Client Secret, and Okta Domain. Copy these for later reference.
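A mistyped 'Login redirect URI' or 'Initiate Login URI' is an easy error to make in the steps above. The following Python check is an added example, not part of Internal or Okta: it fills in the two URI templates from this page and reports how the values entered in Okta differ, assuming redirect URIs are compared as exact strings. The function names, the domain `internal.example.com` and the key `abc123` are hypothetical.

```python
from urllib.parse import urlsplit

# URI templates copied from the Okta steps above; everything else is illustrative.
TEMPLATES = {
    "Login redirect URI": "https://{domain}/api/sso/{externalKey}/auth/",
    "Initiate Login URI": "https://{domain}/api/sso/{externalKey}/login/",
}


def expected_uris(domain, external_key):
    """Fill in the page's templates for one deployment."""
    return {
        field: tpl.format(domain=domain, externalKey=external_key)
        for field, tpl in TEMPLATES.items()
    }


def check_entered_uris(domain, external_key, entered):
    """Compare the values typed into Okta with the expected URIs.
    Assumes exact string comparison, so any difference is reported."""
    problems = []
    for field, want in expected_uris(domain, external_key).items():
        got = entered.get(field, "").strip()
        if got == want:
            continue
        parts = urlsplit(got)
        if not got:
            problems.append(f"{field}: missing")
        elif "{" in got or "}" in got:
            problems.append(f"{field}: placeholder not replaced")
        elif parts.scheme != "https":
            problems.append(f"{field}: must use https")
        elif parts.hostname != domain.lower():
            problems.append(f"{field}: host is {parts.hostname}, expected {domain}")
        elif got.rstrip("/") == want.rstrip("/"):
            problems.append(f"{field}: trailing slash differs")
        else:
            problems.append(f"{field}: expected {want}")
    return problems


# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "Login redirect URI": "https://internal.example.com/api/sso/abc123/auth",
    "Initiate Login URI": "http://internal.example.com/api/sso/abc123/login/",
}

if __name__ == "__main__":
    print("\n".join(check_entered_uris("internal.example.com", "abc123", SAMPLE)))
```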
In Internal's Single Sign-On Settings:
- Navigate to 'Company Settings'
- Select the 'Security' tab
- Select 'Single Sign-On' to open the Single Sign-On drawer.
- From the Single Sign-On drawer, select 'Okta OpenID Connect' from the drop-down.
- Referencing the values copied from the Okta Admin Portal, configure the following fields in Internal:
  - Okta Domain
  - Okta Client ID
  - Okta Client Secret
- Click 'Save'
- To test this authentication method, navigate back to the Single Sign-On drawer and select 'Test Okta Configuration'. If everything looks good, you'll be redirected to Okta and then back to the Single Sign-On drawer with a confirmation.
