Okta is a single sign-on provider that can be connected to the WoodWing Identity Service (WIS) using the OIDC protocol.
How this is done is explained in this article.
The process is as follows:
- A new OIDC application is created in Okta
- The WoodWing Identity Service is configured
Creating a new OIDC application in Okta
In this step, a new OIDC application is created in Okta. This involves steps in the WoodWing Identity Service and in Okta.
Steps in the WoodWing Identity Service
Step 1. Log in to the WoodWing Identity Service as a user that is part of a group with the role of 'owner'.
Step 2. Access the Settings page.
A page appears with information about the organization, including any identity provider that is set up.
Step 3. Under Identity provider, click Set up or edit.
A panel appears in which the identity provider can be configured.
Step 4. Select the OIDC tab.
Step 5. At the top of the tab, copy the redirect URI by clicking the Copy button.
This is used in the next step for setting up Okta.
Tip: Leave the Settings page open in its own tab; we will come back to it after setting up Okta.
Steps in Okta
In this step, a new OIDC application is created in Okta.
Tip: Perform these steps in a separate tab.
Step 1. Access Okta, expand the Applications section in the menu on the left and click Applications.
The Applications page appears.
Step 2. Click Create App Integration.
In the Create a new app integration dialog that appears, select the following:
- Sign-in method: OIDC - OpenID Connect
- Application type: Web Application
Step 3. Click Next.
The General settings appear.
Step 4. In the Sign-in redirect URIs field, paste the URI that was copied from the WoodWing Identity Service earlier.
Step 5. In the Selected group(s) field at the bottom, add the groups that need access to the app.
The permissions in the WoodWing Identity Service and in the WoodWing applications are based on the group memberships of the user.
For this, Okta needs to send a so-called 'groups' claim in the ID token, containing the groups that the WoodWing Identity Service should use for the user.
Step 6. Navigate to the Sign On tab of the application, scroll down to the OpenID Connect ID Token section, and modify the Groups claim filter to configure the groups that should be sent in the groups claim to the WoodWing Identity Service.
Step 7. Navigate to the Client Credentials section on the General tab.
Step 8. Copy the Client ID and Client Secret and paste them in the corresponding fields in the OIDC tab in the WoodWing Identity Service (see Steps in the WoodWing Identity Service at the top of this article). When done, click Set up to save the configuration.
Additional configuration in the WoodWing Identity Service
Return to the OIDC settings page in the WoodWing Identity Service.
In the Well-known URL field, paste the Okta /.well-known/openid-configuration URL as follows:
https://{your-okta-org}/.well-known/openid-configuration
This typically looks as follows: https://{your-okta-domain}.okta.com/.well-known/openid-configuration
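As an added example that is not part of the original article, the following Python script builds the well-known URL in the form given above, checks a fetched discovery document for the endpoints the OIDC flow depends on, and checks the claims of an already signature-verified ID token for the 'groups' claim that the WoodWing Identity Service uses for permissions. The domain, Client ID and claim values are constructed placeholders.

```python
def well_known_url(okta_domain: str) -> str:
    """Build the discovery URL in the form the article gives for an Okta org."""
    return f"https://{okta_domain}/.well-known/openid-configuration"

# Keys WIS needs from the discovery document to run the OIDC flow.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(doc: dict, okta_domain: str) -> list:
    """Return the problems found in a fetched openid-configuration document."""
    problems = [f"missing '{k}'" for k in REQUIRED_KEYS if k not in doc]
    issuer = doc.get("issuer", "")
    # The issuer must be the HTTPS origin of the configured Okta org.
    if not issuer.startswith(f"https://{okta_domain}"):
        problems.append(f"issuer '{issuer}' does not belong to {okta_domain}")
    return problems

def check_id_token_claims(claims: dict, client_id: str, issuer: str, now: int) -> list:
    """Check the claims of an ID token whose signature was already verified via jwks_uri."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the discovery issuer")
    aud = claims.get("aud", [])
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the Okta Client ID configured in WIS")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    groups = claims.get("groups")
    # Without a non-empty 'groups' claim WIS cannot map the user to any role.
    if not isinstance(groups, list) or not groups:
        problems.append("no 'groups' claim: check the Groups claim filter on the Sign On tab")
    return problems

# Constructed sample data (not real Okta output) so the checks run offline.
SAMPLE_DOMAIN = "example.okta.com"
SAMPLE_CLIENT_ID = "client-id-placeholder"
SAMPLE_DISCOVERY = {
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
}
SAMPLE_CLAIMS = {"iss": "https://example.okta.com", "aud": SAMPLE_CLIENT_ID,
                 "exp": 1_700_000_600, "sub": "user@example.com", "groups": ["Editors"]}

if __name__ == "__main__":
    print(well_known_url(SAMPLE_DOMAIN))
    print(check_discovery(SAMPLE_DISCOVERY, SAMPLE_DOMAIN))
    print(check_id_token_claims(SAMPLE_CLAIMS, SAMPLE_CLIENT_ID,
                                SAMPLE_DISCOVERY["issuer"], now=1_700_000_000))
```

In a real run, fetch the discovery document from the URL, verify the ID token signature against jwks_uri with a JWT library, and only then pass the decoded claims to check_id_token_claims.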