Introduction

This document provides instructions to configure Okta (OIDC) as an Identity Provider for Oloid Single Sign-On (SSO).

Prerequisites

You must have admin access to the Okta Admin Console
Okta OIDC (OpenID Connect) support enabled.

Steps to add Identity Provider

On the home page of the Okta Admin Console, go to Security > Identity Providers.
Select Add Identity Provider.

The identity provider list is displayed.
Select OpenID Connect and click Next.

The Configure OpenID Connect IdP dialog box is displayed.
Do the following
1. Under General settings section:
  1. Name: Enter a name for the Identity Provider configuration.
  2. Scopes: Leave the defaults. These scopes are included when Okta makes an OpenID Connect request to the Identity Provider.
2. Under Client details section:
  1. Enter Client ID.
  2. Enter Client Secret.
    
    Note: You can find the Client ID and Client Secret in the Tenant Admin Portal. On the Tenant Admin Portal, go to Identity Provider > IDP Details > Meta Data tab.
3. Under Endpoints section:
  1. Enter Issuer.
  2. Enter Authorization endpoint.
  3. Enter Token endpoint.
  4. Enter JWKS endpoint.
    
    Note: You can find the Issuer, Authorization Endpoint, Token Endpoint and JWKS Endpoint in the Tenant Admin Portal. On the Tenant Admin Portal, go to Identity Provider > IDP Details > Meta Data tab.
Under Authentication Settings section,
1. Select Enable automatic linking from Account Link Policy.
2. If no match is found, select Reject the authentication responses from IdP.
Click Finish.
The newly created IDP is listed under Security > Identity Providers.
Note: In the search bar, you can search using identity provider name.
Go to IDP details and do the following:
1. Copy IDP ID and enter it in Tenant Admin Portal > Identity Provider > IDP Settings > IDP ID.
2. Copy Redirect URl and enter it in Tenant Admin Portal > Identity Provider > IDP Settings > Callback URL.
3. Enter https://{user-id}.okta.com/ in the Authorize URL and Redirect URL fields under Tenant Admin Portal > Identity Provider > IDP Settings. For example, https://dev-10453970.okta.com/

Add Client Application

In the Okta Admin Console, go to Applications > Applications.
Select Create App Integration.

The Create a new app integration pop-up box is displayed.
Do the following:
1. Select OIDC - OpenID Connect as the Sign-in method and Web Application as Application type.
2. Select Next.
In the next screen, configure the application.
1. Under General Settings section,
  1. Enter App integration name.
  2. Select Authorization Code as Grant type (If not already selected).
2. Enter Sign-in redirect URIs.
  Note: The Sign-in redirect URls must be set to https://{yourOrg}.okta.com.
3. Enter Sign-out redirect URIs (Optional).
  Note: The Sign-out redirect URls must be set to https://{yourOrg}.okta.com.
4. Under Assignments section, select Allow everyone in your organization to access.
Click Save.
Add the ClientID and Client Secret of the new app in Tenant Admin Portal > Identity Provider > IDP Details > IDP Settings tab.
Configure the IDP Profile in the Tenant Admin Portal:
1. On the homepage of the portal, select the preferred IDP to edit.
2. On the IDP details page, select the WebKey Application from Select WebKey Application dropdown.
Click Save.
On the top-right corner of the preferred WebKey application, select Open login URL to view the configured WebKey application in your browser.