SELF HOSTED
/
Okta (Custom App - OnPrem)
Menu
Getting Started
What is Internal?
Connecting to Data Sources
Glossary
Tutorials
Tool Tutorial: Client Onboarding
Tool Tutorial: Customer Support
Tool Tutorial: Approval Queue
Datasources
Airtable
Amazon Redshift
BigQuery
Cassandra
Cloud Firestore
DynamoDB
Google Sheets
HTTP Data Source
Hubspot
Maria DB
MongoDB
MySQL
PostgreSQL
S3
SQL Server
SSH Tunneling
Salesforce
Snowflake
Stripe
Zendesk
Functions
Introduction to Functions
MongoDB Functions
SQL Functions
Multi-Function Execution
Binary Data
Multipart Functions and Form Encoding
Data Transformation
HTTP Functions
Dynamic Parameters
Filter, Sort, Pagination (Reserved Parameters)
Spaces
Introduction to Spaces
Auto-generated Spaces
Version History and Restore Versions
Creating and Publishing Spaces
Environments
Field Configuration
Data Display Options
How to Delete a Space
Current User
URL Parameters
Visibility Rules
Components
Introduction to components
Bulk Action
Button
Card List
Chart
Checkbox 
Data Export
Date Time Picker
Detail
Dropdown
File Picker
Flexbox
Form
Function Component
Image
Input
JSON Input
JSON Viewer
Link
Pop-up Form
Radio Button
S3 Uploader
Stat
Table
Tag Selector
Text
Text Area
Self Hosted
Okta (Custom App - OnPrem)
OnPrem Deployment (Docker)
Settings
Auth Providers
Auth0 x Internal
Managing Data Sources
Permissioned Data Flows
Single Sign-On (SSO)
Two-Step Verification
Users

Okta (Custom App - OnPrem)

Internal ODIC supports Service Provider (SP)-Initiated Authentication and Identity Provider (IdP)-Initiated Authentication (SSO) flows.

When using the Okta OpenID integration, the Okta user's email address must match the Internal user's email address.

In Okta's Admin Portal:

  1. Login to the Okta Integration Network
  2. Select 'Create New App'
  3. Choose 'Web' for 'Platform' and 'OpenID Connect' for 'Sign on method'
  4. Select 'Create'
  5. Enter 'Internal OpenID Connect - OnPrem' for 'Application Name'
  6. Enter https://{domain}/api/sso/{externalKey}/auth/ as a 'Login redirect URI'.
  7. Select 'Save'
  8. On the 'General' tab, select 'Edit' next to 'General Settings'
  9. Under 'Allowed Grant Types', ensure that 'Authorization Code' and 'Implicit (Hybrid)' are selected.
  10. Ensure that 'Login Initiated By' is set to 'Either Okta or App'.
  11. Enter https://{domain}/api/sso/{externalKey}/login/ as the 'Initiate Login URI'.
  12. Select 'Save'
  13. Find the Client ID, Client Secret, and Okta Domain. Copy these to reference for later.

In Internal's Single Sign-On Settings:

The Internal Single Sign-On Drawer

  1. Navigate to 'Company Settings'
  2. Select the 'Security' tab
  3. Select 'Single Sign-On' to open the Single Sign-On drawer.
  4. From the Single Sign-On drawer, select 'Okta OpenID Connect' from the drop down.
  5. Referencing the values copied from the Okta Admin Portal, configure the following fields in Internal:
  6. Okta Domain
  7. Okta Client ID
  8. Okta Client Secret
  9. Click 'Save'
  10. In order to test this authentication method, navigate back to the Single Sign-On drawer and select 'Test Okta Configuration'. If everything looks good, you'll be redirected to Okta and back to the Single Sign-On drawer with confirmation.