This article describes the procedure for configuring single sign-on via OKTA Workforce with Resolution Intelligence Cloud.
Single sign-on with OKTA enables you to sign on to the Resolution Intelligence Cloud using a single set of authentication credentials. Once you have created an SSO, you can log in to your OKTA account and access external applications like Resolution Intelligence Cloud.
Here we explain the steps to configure SSO details in OKTA using the OpenID Connect (OIDC) app integration method. Refer to this documentation for more details on the OIDC method.
Okta can act as an identity provider and as a service provider. In this document, we are using Okta as an identity provider.
Important: Refer to this article for details on how to reset MFA for a specific user if the user lost an MFA-enabled device.
Configuring SSO in OKTA
To connect your Okta tenant as an identity provider in Resolution Intelligence Cloud, you must create an OIDC application in your OKTA account.
1. In your Okta Admin Dashboard, click Create a new application.
2. From the left menu, click Applications.
An application browser opens.
3. Click Create App Integration --> Create New App.
A new app integration screen appears.
4. In Sign-in method, choose OIDC – OpenID Connect.
5. In Application Type, choose Web Application.
6. Click Next.
7. Enter an App integration name.
8. In the Sign-in redirect URIs field, add the following callback URLs.
9. Click Save.
The Client ID and Client Secret fields are autogenerated.
Note: Save these details to use later to configure your Okta Connection in Resolution Intelligence Cloud.
Testing SSO in OKTA
After you have configured an SSO in OKTA, add a user to your Okta application to test. Create a new user or add an existing user in Okta Directory.
To add or create a user,
- In your Okta Admin Dashboard, navigate to Directory > People.
- Select Add Person.
- Enter the test user's details, including a password.
- Click Save to save the test user.
- In the Directory, select a user.
- Navigate to the Applications tab and choose Assign Applications.
- Select the name of the application that you created in the previous procedure.
Configuring OKTA Workforce connection in Resolution Intelligence Cloud
To configure the OKTA Workforce connection,
1. In Resolution Intelligence Cloud, click Configurations -> Authentication.
2. Click Setup provider for Okta Workforce.
3. Enter the following fields and click Create at the bottom of your screen.
|Logical identifier for your connection; it must be unique. Once set, this name can't be changed.
Enter your domain name related to your organization. For example,
|Enter the client ID that was generated when you configured SSO in your OKTA account. See step 9 in Configuring SSO in OKTA.
|Enter the client secret that was generated when you configured SSO in your OKTA account. See step 9 in Configuring SSO in OKTA.
|Identity Provider Domains
|Enter a list of trusted domains that you want identified as identity provider domains. These are the domains that user accounts have. Example: if the user login is email@example.com, enter contoso.com. If there are multiple domains, enter all of them as a comma-separated list.
|Multi-Factor Authentication (MFA) can be disabled or enabled at any point during or after setting up the Single Sign-On (SSO) connection. Note that MFA functionality is exclusive to the SSO connection and applies solely to users logging in via the domain specified under "identity provider domains." By default, MFA is disabled. To activate it, select the checkbox labelled "Enable MFA while user login."
4. You have established the Okta Workforce connection successfully.
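Because MFA applies only to logins whose domain is listed under Identity Provider Domains, it helps to check the planned field value against the user logins you intend to re-invite before saving. The following is an added example, not part of the original article or of Resolution Intelligence Cloud; it assumes exact, case-insensitive matching on the part of the login after the @ (the product's actual matching rules are not documented here), and all function names and sample values are constructed.

```python
import re

# Assumption: a valid entry is a plain DNS name (no scheme, no "@", no wildcard).
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def parse_idp_domains(field_value):
    """Split the comma-separated field into (valid_domains, rejected_entries)."""
    valid, rejected = [], []
    for raw in field_value.split(","):
        entry = raw.strip().lower().rstrip(".")
        if not entry:
            continue  # ignore empty items such as a trailing comma
        if _DOMAIN_RE.match(entry):
            if entry not in valid:  # drop duplicates, keep order
                valid.append(entry)
        else:
            rejected.append(raw.strip())
    return valid, rejected

def covered_by_sso(login, domains):
    """True only if the login's domain part exactly equals a listed domain."""
    local, sep, domain = login.strip().rpartition("@")
    if not sep or not local:
        return False  # not an email-style login
    return domain.lower().rstrip(".") in domains

def preflight(field_value, logins):
    """Report which logins fall under the SSO connection (and so its MFA setting)."""
    domains, rejected = parse_idp_domains(field_value)
    report = {"domains": domains, "rejected": rejected,
              "covered": [], "not_covered": []}
    for login in logins:
        key = "covered" if covered_by_sso(login, domains) else "not_covered"
        report[key].append(login)
    return report

if __name__ == "__main__":
    # Constructed sample input, not taken from a real tenant.
    field = "contoso.com, Corp.Contoso.com ,https://contoso.com, *.contoso.net"
    users = ["alice@contoso.com", "bob@CORP.contoso.com",
             "carol@dev.contoso.com", "mallory@contoso.com.example.net", "dave"]
    for name, value in preflight(field, users).items():
        print(f"{name}: {value}")
```

Logins reported under not_covered would not be routed through the SSO connection, so the MFA setting described above would not apply to them; entries under rejected should be corrected before the field is saved.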
Invite User with SSO Integration
1. For users to be able to log in using SSO, they must be re-invited using the SSO connection.
2. Logged in as an existing Owner or Global Admin user with local authentication, add a new user with the Owner role by enabling the newly created SSO integration in Resolution Intelligence Cloud.
3. A newly invited user will be redirected to the OKTA application for authentication.
4. Existing users with local authentication must be deleted and re-invited using an SSO connection.