This document helps you configure Single Sign-on (SSO) authentication using Applixure's Okta integration and describes the capabilities of the SSO-integration with Okta.
Requirements
Before configuring SSO in your Applixure Analytics Account or Environment based on the main SSO article linked above, you will need to perform steps inside Okta to make OIDC integration application available to use for making connection in Analytics (see Configuration steps below).
For this, you will need to have an existing Okta organisation available and a user account in Okta to use that can administer this organisation.
Supported Okta features
Applixure's Okta integration supports using Service Provider (SP)-initiated SSO authentication with Okta, using OIDC authentication protocol.
Configuration steps on Okta
On the Okta organisation administration, navigate to Applications->Applications and press the Browse App Catalog button. From the opened App Integration Catalog, search for "Applixure" and select the Applixure Single Sign-On application and press Add Integration to add it to your applications. You can accept the default setting by pressing Done.
After the Applixure Application has been added to your list of Applications in Okta administration, open it and navigate to Okta API Scopes tab. Find a scope called "okta.orgs.read" and grant access to that scope by pressing Grant button so that the list shows like in the screenshot below:
Enabling this scope for Applixure allows the integration setup to read and display your organisation's name when setting up the SSO and for reference later when displaying the already enabled SSO configuration.
You will also need information from the Sign On tab for the Application during the configuration steps on Applixure Analytics as detailed below.
Configuration steps on Analytics
Once you have added the integration on Okta's side, please refer to our main SSO article for overall information on enabling and using SSO within Applixure for your Environment and Account users. When SSO has been enabled through Analytics, it will be available for all other Applixure products' logins as well.
You will need to provide three pieces of information from your Okta organisation and the configured integration application (from the previous section), in order to establish a connection between Applixure and Okta:
-
Okta custom domain: This can be the Okta-created URL for your organisation's login (in the form of https://organisation.okta.com, or a complete custom domain you have yourself configured in Okta to be used for logins, such as https://custom.customdomain.com).
You can see your custom domains, for instance, from the Okta's administration interface, under Customizations->Brands, and looking for the Custom Domain column:
You should use the one your users normally use to authenticate using Okta. When adding this custom domain, you can enter it into Applixure's SSO configuration screen as shown in the list or as the URL.
-
Client ID: Browse to the Applixure application added to your Okta organisation's application integrations, and navigate to the Sign On -tab. On that tab, under OpenID Connect section, there is a Client ID shown that has to be used.
- Client secret: As with the Client ID, you can find the Client secret on the same location under Sign On for the integration application.
Troubleshooting
If you have trouble getting integration to work, please be in contact with Applixure support.
0 Comments