Step 1: Okta Admin Console
1. Go to Okta Admin Console
2. Sign in with your administrator account
3. Navigate to "Applications" in the left sidebar
4. Click "Browse App Catalog"
Step 2: Create Custom SAML App
1. In the app catalog, search for "SAML"
2. Click on "SAML" and then "Add Integration"
3. Click "Create New App"
4. Select "Web" as the platform
5. Click "Create New App Integration"
6. Enter the following details:
App name: Your Domain SSO App
App logo: [Optional: Upload your app logo]
7. Click "Next"
Step 3: SAML Settings
1. In the "SAML Settings" section, enter:
Single sign on URL: https://yourdomain.com/api/sso/acs
Audience URI (SP Entity ID): https://yourdomain.com/api
Name ID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Attribute Statements: email, firstName, lastName
2. Click "Next"
Step 4: Feedback
1. Select "I'm an Okta customer adding an internal app"
2. Click "Finish"
Step 5: Assign Users
1. In your app, go to the "Assignments" tab
2. Click "Assign" > "Assign to People"
3. Select the users or groups you want to assign
4. Click "Assign"
Step 6: Download Configuration
1. In your app, go to the "Sign On" tab
2. Scroll down to "SAML 2.0" section
3. Click "View Setup Instructions"
4. Note the following values:
Identity Provider Single Sign-On URL: [Copy from Okta]
X.509 Certificate: [Copy from Okta]
Entity ID: https://yourdomain.com/api
Step 7: OAuth 2.0 Configuration (Optional)
1. In your app, go to the "General" tab
2. Scroll down to "App Embed" section
3. Check "Enable OAuth 2.0"
4. Add the following redirect URIs:
Redirect URIs: https://yourdomain.com/approot/sharecode
5. Click "Save"
Configuration Summary
Once you have completed all steps, enter the following information in your SSO configuration:
- Provider: Okta
- Protocol: SAML
- Entity ID: https://yourdomain.com/api
- Single Sign-On URL: [From Okta Setup Instructions]
- X.509 Certificate: [From Okta Setup Instructions]
Note: Replace "yourdomain.com" with your actual domain name throughout this guide.
The placeholders above will be automatically replaced with your actual domain when you view this guide in the application.
Step 1: Okta Admin Console
1. Go to Okta Admin Console
2. Sign in with your administrator account
3. Navigate to "Applications" in the left sidebar
4. Click "Browse App Catalog"
Step 2: Create OAuth2 App
1. In the app catalog, search for "OAuth 2.0"
2. Click on "OAuth 2.0" and then "Add Integration"
3. Click "Create New App"
4. Select "Web" as the platform
5. Click "Create New App Integration"
6. Enter the following details:
App name: Your Domain OAuth2 App
App logo: [Optional: Upload your app logo]
7. Click "Next"
Step 3: OAuth2 Settings
1. In the "OAuth2 Settings" section, configure:
Grant type: Authorization Code
Login redirect URIs: https://yourdomain.com/api/sso/oauth2/callback
Initiate login URI: https://yourdomain.com/login
Logout redirect URIs: https://yourdomain.com/api/sso/logout
2. Click "Next"
Step 4: Scopes and Claims
1. In the "Scopes and Claims" section, add:
Scopes: openid, profile, email
Claims: email, given_name, family_name
2. Click "Next"
Step 5: Assign Users
1. In your app, go to the "Assignments" tab
2. Click "Assign" > "Assign to People"
3. Select the users or groups you want to assign
4. Click "Assign"
Step 6: Client Credentials
1. In your app, go to the "General" tab
2. Note the following values:
Client ID: [Copy from Okta]
Client Secret: [Copy from Okta]
Okta Domain: [Your Okta domain, e.g., yourcompany.okta.com]
Step 7: Okta OAuth2 Endpoints
1. Note the following Okta OAuth2 endpoints:
Authorization endpoint: https://[your-okta-domain]/oauth2/v1/authorize
Token endpoint: https://[your-okta-domain]/oauth2/v1/token
User info endpoint: https://[your-okta-domain]/oauth2/v1/userinfo
OpenID Connect discovery: https://[your-okta-domain]/.well-known/openid-configuration
JWKS endpoint: https://[your-okta-domain]/oauth2/v1/keys
Configuration Summary
Once you have completed all steps, enter the following information in your SSO configuration:
- Provider: Okta
- Protocol: OAuth2
- Client ID: [Copy from Okta]
- Client Secret: [Copy from Okta]
- Okta Domain: [Your Okta domain]
- Authorization Endpoint: https://[your-okta-domain]/oauth2/v1/authorize
- Token Endpoint: https://[your-okta-domain]/oauth2/v1/token
- User Info Endpoint: https://[your-okta-domain]/oauth2/v1/userinfo
- Redirect URI: https://yourdomain.com/api/sso/oauth2/callback
Note: Replace "yourdomain.com" with your actual domain name and "[your-okta-domain]" with your Okta domain (e.g., yourcompany.okta.com) throughout this guide.
The placeholders above will be automatically replaced with your actual domain when you view this guide in the application.
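The Authorization Code flow configured above, sketched from the application's side as an added example (not code from this guide or from Okta): it builds the request to the authorization endpoint with the guide's scopes and redirect URI, then validates the redirect received at the callback before the code is exchanged. The Okta domain and client ID are constructed placeholders; the nonce is generated for a later ID token check that this example does not perform.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values standing in for the guide's Configuration Summary (assumptions).
OKTA_DOMAIN = "yourcompany.okta.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"  # constructed sample, not a real client ID
REDIRECT_URI = "https://yourdomain.com/api/sso/oauth2/callback"
AUTHORIZE_ENDPOINT = f"https://{OKTA_DOMAIN}/oauth2/v1/authorize"
SCOPES = "openid profile email"


def build_authorization_request():
    """Return (url, state, nonce); the caller stores state and nonce in the user's session."""
    state = secrets.token_urlsafe(32)   # binds the response to this browser session
    nonce = secrets.token_urlsafe(32)   # to be compared with the ID token's nonce claim
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",        # Grant type: Authorization Code
        "scope": SCOPES,
        "redirect_uri": REDIRECT_URI,   # must equal the registered login redirect URI
        "state": state,
        "nonce": nonce,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state, nonce


def parse_callback(callback_url, expected_state):
    """Validate the redirect back to REDIRECT_URI and return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    # Constant-time comparison; an empty stored state never matches.
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not tied to this session")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The returned code is then sent to the token endpoint together with the client ID, client secret and the same redirect URI.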