To enable Single Sign-On for Okta from SummitAI, the following configuration should be done in the Okta portal.

Prerequisites to be performed in Okta Portal

- Sign up in Okta portal using https://www.okta.com/developer/signup/.
Figure: Sign up
- Click Get Started. Your login URL is displayed. Log in to Okta using this URL. You will receive a confirmation mail. Set your password by clicking this link.
Figure: Okta URL
- Specify your User Name and Password and click Sign In.
Figure: Okta Login page
- On the top menu, select Security > API.
Figure: Security Menu
- On the API page, click Authorization Servers.
Figure: API Page
- On the Add Authorization Server pop-up page, specify Name, Audience, and Description. For more information about these fields, refer to https://developer.okta.com/authentication-guide/implementing-authentication/set-up-authz-server.html.
Figure: Add Authorization URL Pop-up page
- Under the Settings section, the issuer field is displayed. Store this URL securely.
Figure: Settings section
Note: The Issuer URL displayed here should be entered in the Authorization URL, Access Token URL, and User Info URL fields of SummitAI application.
- Select Access Policies and click Add Policy. The Add Policy pop-up page is displayed.
Figure: Add Policies pop-up page
- On the Add Policy pop-up page, specify the Name and Description and click Create Policy.
Figure: Add Policy page
- On the Add New Access Policy page, click Add Rule.
Figure: Add New Access Policy Page
- On the Add Rule pop-up page, specify the Rule Name and click Create Rule.
Figure: Add Rule Pop-up page
- On the top menu, hover your mouse over Applications and select Applications.
Figure: Applications
- On the Applications page, click Add Application and then click Create New App.
Figure: Add Application
- On the Create New Application pop-up page, select the platform as Web and Sign On Method as OpenID Connect.
Figure: Create New App page
- On the Create OpenID page, specify the Application Name and the Redirect URL.
Figure: Create OpenID page
Note: The Redirect URL specified here should be entered in the Redirect URL field of SummitAI application.
- On the General Settings Page, click Edit and select all the available options under Allowed grant types. The Client ID and Client Secret are displayed under Client Credentials section. Store them securely.
Figure: General Settings page
Note: The Client ID and Client Secret displayed here should be entered in the Client Id and Client Secret Key fields of SummitAI application.
- You can add multiple People or Groups to the application under the Assignments section.
Figure: Add Assignment page

Configuration in SummitAI Application

To configure SSO for Okta from SummitAI:

- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Okta
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.

Field Description

The following table describes the fields on the SSO CONFIGURATION page:

| Fields | Description |
|---|---|
| Domain | Select the domain name from the list. The Facebook OAuth based authentication will be configured for the selected domain. Note: This field is not visible for single domain users. |
| URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
| Grant Type | Select the Grant Type as Authorization Code from the drop-down list. |
| Authorization URL | Specify the following Authorization URL: urlfromoktaportal/v1/authorize |
| Access Token URL | Specify the following Access Token URL: urlfromoktaportal/v1/token |
| Client ID | Specify the Client ID. This is the Application ID from Okta portal. Refer to Prerequisites section for more information about this field. |
| Client Secret Key | Specify the Client Secret Key. This is the Password generated from Okta portal. Refer to Prerequisites section for more information about this field. |
| User Information URL | Specify the following User Information URL: urlfromoktaportal/userinfo |
| Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Okta portal. Example: https://baseurl/SUMMIT_SAMLResponse.aspx |
| ACS URL | Specify the ACS URL. |
| Include ACS URL | If selected, the ACS URL is included. |
| Scope | Specify the scope as openid email profile address phone offline_access |
| Response Attribute | Specify the Response Attribute as email. |
| User Creation | When this checkbox is enabled, a user who is not available in the SummitAI database but wants to log in to the SummitAI application using the Okta authentication method is created. |
| Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
| Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
| Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported image formats are .gif, .jpeg, .jpg, .png, .bmp. |

Configuration in SummitAI Application

To configure SSO for Okta from SummitAI:

- Select Admin > Basic > Infrastructure > SSO Configuration. The SSO CONFIGURATION page is displayed.
- On the SSO CONFIGURATION page, select OAuth under the Authentication Type and click ADD NEW on the ACTIONS Panel.
Figure: SSO Configuration: OAuth_Okta
- Specify the required details and click SUBMIT. For more details about the fields on the SSO CONFIGURATION page, see Field Description.

Field Description

The following table describes the fields on the SSO CONFIGURATION page:

| Fields | Description |
|---|---|
| Domain | Select the domain name from the list. The Facebook OAuth based authentication will be configured for the selected domain. Note: This field is not visible for single domain users. |
| URL | Specify the Mobile Web Service URL. Example: https://baseurl/mobilews |
| Grant Type | Select the Grant Type as Implicit from the drop-down list. |
| Authorization URL | Specify the following Authorization URL: urlfromoktaportal/v1/authorize |
| Access Token URL | Specify the following Access Token URL: urlfromoktaportal/v1/token |
| Client ID | Specify the Client ID. This is the Application ID from Okta portal. Refer to Prerequisites section for more information about this field. |
| Client Secret Key | Specify the Client Secret Key. This is the Password generated from Okta portal. Refer to Prerequisites section for more information about this field. |
| User Information URL | Specify the following User Information URL: urlfromoktaportal/v1/userinfo |
| Redirect URL | Specify the Redirect URL. This is the same URL you have specified in the Redirect URL field of Okta portal. Example: https://baseurl/SUMMIT_Weblogin.aspx |
| ACS URL | Specify the ACS URL. |
| Include ACS URL | If selected, the ACS URL is included. |
| Scope | Specify the scope as openid email profile address phone offline_access |
| Response Attribute | Specify the Response Attribute as email. |
| User Creation | When this checkbox is enabled, a user who is not available in the SummitAI database but wants to log in to the SummitAI application using the Okta authentication method is created. |
| Time Zone | Select the timezone from the drop-down list. The selected timezone will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
| Template Name | Select the role template from the list. The selected role template will be assigned to the newly created user. Note: This field is displayed only when the User Creation checkbox is enabled. |
| Logo | Upload a logo. The uploaded logo is displayed on the Login Screen. The logo image width should be less than 300px and height should be less than 48px. Supported image formats are .gif, .jpeg, .jpg, .png, .bmp. |
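
An added example, not part of the SummitAI documentation: a small Python check that lints the values entered on the SSO CONFIGURATION page against the Okta issuer and the redirect URL registered in Okta. The `lint_sso_config` helper, the issuer, the host names and the client values are constructed for illustration; the `/v1/authorize`, `/v1/token` and `/v1/userinfo` suffixes are the ones listed in the field table.

```python
from urllib.parse import urlsplit

# Endpoint suffixes appended to the Okta issuer URL, as listed in the field table.
ENDPOINTS = {
    "Authorization URL": "/v1/authorize",
    "Access Token URL": "/v1/token",
    "User Information URL": "/v1/userinfo",
}

def lint_sso_config(issuer, okta_redirect_url, fields):
    """Return a list of findings for a SummitAI OAuth (Okta) field set."""
    findings = []
    issuer = issuer.rstrip("/")
    # Every endpoint must be the issuer plus its fixed suffix.
    for name, suffix in ENDPOINTS.items():
        expected = issuer + suffix
        actual = fields.get(name, "").rstrip("/")
        if actual != expected:
            findings.append(f"{name}: expected {expected}, got {actual or '(empty)'}")
    # Codes, tokens and the client secret travel over these URLs.
    for name in (*ENDPOINTS, "Redirect URL"):
        if urlsplit(fields.get(name, "")).scheme != "https":
            findings.append(f"{name}: must use https")
    # The redirect URL must be the exact string registered in Okta.
    if fields.get("Redirect URL") != okta_redirect_url:
        findings.append("Redirect URL: differs from the value registered in Okta")
    scopes = fields.get("Scope", "").split()
    if "openid" not in scopes:
        findings.append("Scope: 'openid' is required for OpenID Connect")
    if fields.get("Response Attribute") == "email" and "email" not in scopes:
        findings.append("Response Attribute: 'email' needs the 'email' scope")
    if not fields.get("Client ID") or not fields.get("Client Secret Key"):
        findings.append("Client ID / Client Secret Key: must not be empty")
    return findings

# Constructed sample values (hypothetical issuer, host and credentials).
ISSUER = "https://example.okta.com/oauth2/default"
REDIRECT = "https://baseurl.example/SUMMIT_Weblogin.aspx"
GOOD = {
    "Authorization URL": ISSUER + "/v1/authorize",
    "Access Token URL": ISSUER + "/v1/token",
    "User Information URL": ISSUER + "/v1/userinfo",
    "Redirect URL": REDIRECT,
    "Scope": "openid email profile address phone offline_access",
    "Response Attribute": "email",
    "Client ID": "constructed-client-id",
    "Client Secret Key": "constructed-secret",
}
BAD = dict(GOOD, **{"User Information URL": ISSUER + "/userinfo", "Scope": "openid profile",
                    "Redirect URL": "http://baseurl.example/SUMMIT_Weblogin.aspx"})

if __name__ == "__main__":
    for finding in lint_sso_config(ISSUER, REDIRECT, BAD):
        print(finding)
```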