Single sign-on with OKTA enables you to sign on to the Resolution Intelligence Cloud using a single set of authentication credentials. Once you have created an SSO, you can log in to your OKTA account and access external applications like Resolution Intelligence Cloud.
This document explains the steps to configure SSO details in OKTA using the OpenID Connect (OIDC) app integration method. Refer to this documentation for more details on the OIDC method.
Okta can act as an identity provider and as a service provider. In this document, we are using Okta as an identity provider.
Important: Refer to this article for details on how to reset MFA for a specific user if the user lost an MFA-enabled device.
Configuring SSO in OKTA
To connect your Okta tenant as an identity provider in Resolution Intelligence Cloud, you must create an OIDC application in your OKTA account.
1. In your Okta Admin Dashboard, click Create a new application.
2. From the left menu, click Applications.
An Application browser opens.
3. Click Create App Integration --> Create New App.
A new app integration screen appears.
4. In Sign-in method, choose OIDC – OpenID Connect.
5. In Application Type, choose Web Application.
6. Click Next.
7. Enter an App integration name.
8. In the Sign-in redirect URIs field, add the following callback URLs.
9. Click Save.
The Client ID and Client Secret fields are autogenerated.
Note: Save these details to use later to configure your Okta Connection in Resolution Intelligence Cloud.
Testing SSO in OKTA
After you have configured an SSO in OKTA, add a user to your Okta application to test. Create a new user or add an existing user in Okta Directory.
To add or create a user:
- In your Okta Admin Dashboard, navigate to Directory > People.
- Select Add Person.
- Enter the test user's details, including a password.
- Click Save to save the test user.
- In the Directory, select a user.
- Navigate to the Applications tab and choose Assign Applications.
- Select the name of the application that you created in the previous procedure.
Configuring OKTA Workforce connection in Resolution Intelligence Cloud
To configure the OKTA Workforce connection:
1. In Resolution Intelligence Cloud, click Configurations -> Authentication.
2. Click Setup provider for Okta Workforce.
3. Enter the following fields and click Create at the bottom of your screen.
|Field|Description|
|---|---|
|Connection name|Logical identifier for your connection; it must be unique. Once set, this name can't be changed.|
|Okta Domain|Enter the domain name of your organization's Okta tenant. For example, netenrich.oktapreview.com, example.okta.com.|
|Client ID|Enter the client ID that was generated when you configured SSO in your OKTA account. See step 9 in Configuring SSO in OKTA.|
|Client Secret|Enter the client secret that was generated when you configured SSO in your OKTA account. See step 9 in Configuring SSO in OKTA.|
|Identity Provider Domains|Enter a list of trusted domains which you want to be identified as identity providers. These are the domains that user accounts have. Example: if the user login is firstname.lastname@contoso.com, enter contoso.com. If there are multiple domains, enter all the domains as a comma-separated list.|
4. You have established the Okta Workforce connection successfully.
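As an added example (not part of the original documentation or of Resolution Intelligence Cloud), the following Python code pre-checks the connection fields from the table above before they are entered, and shows why user login domains should be compared exactly rather than by suffix. The function names and the exact-match rule are assumptions; all sample values are constructed.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def is_bare_hostname(value):
    """True for a plain DNS name such as example.okta.com (no scheme, path or port)."""
    labels = value.strip().lower().split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)

def parse_idp_domains(raw):
    """Split the comma-separated field, normalise case, drop duplicates."""
    domains = []
    for item in raw.split(","):
        d = item.strip().lower()
        if not d:
            continue
        if not is_bare_hostname(d):
            raise ValueError(f"not a bare domain: {item.strip()!r}")
        if d not in domains:
            domains.append(d)
    if not domains:
        raise ValueError("at least one domain is required")
    return domains

def login_uses_connection(login, domains):
    """Assumed rule: exact match on the part after the last '@', never a suffix match."""
    local, sep, domain = login.strip().lower().rpartition("@")
    return bool(local and sep) and domain in domains

def check_connection(okta_domain, client_id, client_secret, idp_domains):
    """Return a list of problems; an empty list means the fields are well-formed."""
    problems = []
    if not is_bare_hostname(okta_domain):
        problems.append("Okta Domain must be a host name only, e.g. example.okta.com")
    if not client_id.strip() or not client_secret.strip():
        problems.append("Client ID and Client Secret must both be set")
    try:
        parse_idp_domains(idp_domains)
    except ValueError as exc:
        problems.append(f"Identity Provider Domains: {exc}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials or tenants.
    print(check_connection("https://example.okta.com", "constructed-id",
                           "constructed-secret", "contoso.com, example.org"))
    print(login_uses_connection("user@evilcontoso.com", parse_idp_domains("contoso.com")))
```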
Invite User with SSO Integration
- For users to be able to log in using SSO, they must be re-invited using the SSO connection.
- An existing Owner/Global Admin user, logged in with local authentication, adds a new user with the Owner role by enabling the newly created SSO integration in Resolution Intelligence Cloud.
- The newly invited user will be redirected to the OKTA application for authentication.
- Existing users with local authentication must be deleted and re-invited using the SSO connection.