The Okta Identity Cloud is an independent and neutral platform that helps companies manage and secure user authentication into modern applications, and helps developers build identity controls into applications, websites, web services and devices.
See also: https://www.okta.com/
d!nk SSO is compatible with Okta using either the OpenID Connect protocol or the SAML 2.0 protocol.
1. Single Sign-On (SSO) using SAML 2.0 protocol
1.1. Configuring Okta application
d!nk has to be added as a SAML application in Okta. That process is described at https://developer.okta.com/standards/SAML/setting_up_a_saml_application_in_okta
d!nk will provide the SAML 2.0 SSO service URL (the Assertion Consumer Service URL that Okta posts SAML responses to) after you send an email to support@dink.eu.
The images below show some examples of configuration:
After setup, the application should look similar to the image below in Okta application management:
The application needs to be assigned to the specific people or groups who should be able to sign in to d!nk; Okta denies access to users without an assignment.
1.2. Needed information for d!nk
The following information needs to be provided to d!nk:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate
This information can be obtained from “View Setup Instructions” on the Sign On tab of the Okta application. The certificate is Okta's public signing certificate, which d!nk uses to verify the signature on SAML responses; if the certificate is rotated in Okta, the new one must be sent to d!nk or sign-ins will fail.
Here's an example:
1.3. Required claims
You will need to send at least the following user attributes in the SAML attribute statement (they can be configured during setup or afterwards). Each attribute must be sent under the quoted name exactly; these are the standard OpenID Connect claim names, as exposed by the JwtClaimTypes constants:
- First name - JwtClaimTypes.GivenName ("given_name")
- Last name - JwtClaimTypes.FamilyName ("family_name")
- Email - JwtClaimTypes.Email ("email")
An example of the attribute statements to be sent to d!nk:
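The following script is an added example, not code from d!nk or Okta. It reads a SAML response the way a relying party would before full signature validation and checks the three things sections 1.2 and 1.3 ask for: the assertion issuer equals the configured Identity Provider Issuer, the certificate embedded in the response equals the X.509 certificate copied from “View Setup Instructions”, and the attribute statement carries given_name, family_name and email. The response, issuer value and certificate body are constructed placeholders in Okta's shape, not real Okta data. It deliberately does not verify the XML signature; that needs a SAML library such as python3-saml, and this check only catches the configuration mismatches that make such validation fail.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml.ElementTree

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Attribute names d!nk expects in the AttributeStatement (section 1.3).
REQUIRED_ATTRIBUTES = ("given_name", "family_name", "email")

# Constructed sample response. Issuer, certificate body and user values are
# placeholders in the shape Okta uses, not real Okta data.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Issuer>http://www.okta.com/exkEXAMPLE</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>http://www.okta.com/exkEXAMPLE</saml:Issuer>
    <ds:Signature>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIIBsampleCERTIFICATEbody==
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:AttributeStatement>
      <saml:Attribute Name="given_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="family_name"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def normalize_cert(cert):
    """Reduce a certificate to its bare base64 body so the PEM copied from
    "View Setup Instructions" compares equal to the one embedded in KeyInfo."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert)
    return re.sub(r"\s+", "", body)


def extract_attributes(xml_text):
    """Return {attribute name: first value} from the AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[attr.get("Name")] = value.strip()
    return attrs


def missing_attributes(attrs):
    """Required attribute names that are absent or empty."""
    return [name for name in REQUIRED_ATTRIBUTES if not attrs.get(name)]


def issuer_matches(xml_text, configured_issuer):
    root = ET.fromstring(xml_text)
    issuer = root.findtext(".//saml:Assertion/saml:Issuer", default="", namespaces=NS)
    return issuer.strip() == configured_issuer.strip()


def certificate_matches(xml_text, configured_cert):
    root = ET.fromstring(xml_text)
    embedded = root.findtext(".//ds:X509Certificate", default="", namespaces=NS)
    return normalize_cert(embedded) == normalize_cert(configured_cert)


def check_response(xml_text, configured_issuer, configured_cert):
    """Configuration consistency check only: no signature, audience or
    validity-window validation is performed here."""
    attrs = extract_attributes(xml_text)
    result = {
        "attributes": attrs,
        "missing": missing_attributes(attrs),
        "issuer_ok": issuer_matches(xml_text, configured_issuer),
        "cert_ok": certificate_matches(xml_text, configured_cert),
    }
    result["ok"] = result["issuer_ok"] and result["cert_ok"] and not result["missing"]
    return result
```

A response captured with the browser's developer tools (the SAMLResponse form field, base64-decoded) can be fed to check_response together with the values handed to d!nk; a certificate mismatch after an Okta certificate rotation is the most common reason for sign-ins suddenly failing.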
2. Single Sign-On (SSO) using the OpenID Connect protocol
2.1. Configuring Okta application
d!nk has to be added as an OpenID Connect application in Okta. That process is described at https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard.htm
or https://developer.okta.com/blog/2017/06/29/oidc-user-auth-aspnet-core
d!nk will provide the required redirect URIs. Enter them exactly as given: Okta only redirects back to URIs that match an entry on the application's list.
The images below show some examples of configuration:
After setup, the application should look similar to the image below in Okta application management:
Additionally, the d!nk identity server origin needs to be added to Okta's trusted origins so that browser-based calls from it to the Okta API are allowed (CORS). From the dashboard open the Security menu, choose API, and select the Trusted Origins tab. Click Add Origin and add the URL provided by d!nk (for example https://test-identity.dink.eu) as a trusted origin. Make sure that both CORS and Redirect are selected.
The application needs to be assigned to the specific people or groups who should be able to sign in to d!nk; Okta denies access to users without an assignment.
2.2. Needed information for d!nk
The following information needs to be provided to d!nk:
- Client ID
- Client secret
- Authority - the issuer URL of the Okta authorization server (for example https://{yourOktaDomain}/oauth2/default). This is not the authorization endpoint itself: the authorization, token and keys endpoints are discovered from {Authority}/.well-known/openid-configuration, and tokens are accepted only if their issuer equals this value.
The Client ID and Client secret are shown in the “Client Credentials” section on the General tab of the application. Treat the client secret like a password and hand it over through a secure channel, not in the same email as the rest.
Here's an example:
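The following is an added example, not d!nk's or Okta's code, showing what the three values in section 2.2 are used for on the relying-party side (in d!nk's case the ASP.NET Core OpenID Connect middleware from the linked blog post does this for you). It derives the discovery URL from the Authority, refuses a discovery document whose issuer does not match, builds the authorization request with state, nonce and PKCE, checks the state on the callback, and assembles the back-channel token request that carries the client secret. The Okta domain, client ID, redirect path and the discovery document are constructed placeholders, not real values.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical values standing in for what Okta shows under "Client Credentials"
# and for the redirect URI d!nk provides; none of them are real.
AUTHORITY = "https://dev-123456.okta.com/oauth2/default"
CLIENT_ID = "0oaEXAMPLEclientid"
REDIRECT_URI = "https://test-identity.dink.eu/signin-okta"

# Constructed discovery document, trimmed to the fields used below. A real one
# is fetched over HTTPS from discovery_url(AUTHORITY).
DISCOVERY_DOC = json.dumps({
    "issuer": AUTHORITY,
    "authorization_endpoint": AUTHORITY + "/v1/authorize",
    "token_endpoint": AUTHORITY + "/v1/token",
    "jwks_uri": AUTHORITY + "/v1/keys",
    "code_challenge_methods_supported": ["S256"],
})


def discovery_url(authority):
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def load_discovery(authority, doc_text):
    """Parse the discovery document and refuse it unless its issuer equals the
    configured Authority (trailing slash aside): a mismatch means tokens would
    come from a different authorization server than the one configured."""
    doc = json.loads(doc_text)
    if str(doc.get("issuer", "")).rstrip("/") != authority.rstrip("/"):
        raise ValueError(f"issuer {doc.get('issuer')!r} does not match authority {authority!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(key, "")).startswith("https://"):
            raise ValueError(f"{key} missing or not https")
    return doc


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def pkce_pair():
    """PKCE code_verifier and its S256 code_challenge."""
    verifier = _b64url(secrets.token_bytes(32))
    return verifier, _b64url(hashlib.sha256(verifier.encode()).digest())


def verify_pkce(verifier, challenge):
    """The authorization server's side of PKCE: recompute and compare."""
    return secrets.compare_digest(_b64url(hashlib.sha256(verifier.encode()).digest()), challenge)


def query_params(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def build_authorization_request(doc, client_id, redirect_uri,
                                scopes=("openid", "profile", "email")):
    """Return the authorize URL plus the per-request secrets the relying party
    keeps in the user's session until the callback arrives. The profile and
    email scopes yield the given_name, family_name and email claims."""
    state, nonce = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
    verifier, challenge = pkce_pair()
    params = {
        "client_id": client_id, "response_type": "code", "redirect_uri": redirect_uri,
        "scope": " ".join(scopes), "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return doc["authorization_endpoint"] + "?" + urlencode(params), {
        "state": state, "nonce": nonce, "code_verifier": verifier}


def parse_callback(callback_url, session):
    """Extract the authorization code from the redirect back to d!nk, rejecting
    it unless the state echoes the one stored for this session."""
    query = query_params(callback_url)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error']}")
    if not secrets.compare_digest(query.get("state", ""), session["state"]):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    return query["code"]


def token_request_body(code, session, client_id, client_secret, redirect_uri):
    """Body of the server-to-server POST to token_endpoint; the client secret
    and code_verifier never pass through the browser."""
    return {
        "grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri,
        "client_id": client_id, "client_secret": client_secret,
        "code_verifier": session["code_verifier"],
    }
```

The issuer check in load_discovery is the reason the Authority must be the issuer URL rather than the authorization endpoint: the middleware compares the iss claim of every ID token against it. The nonce returned in the session must likewise be compared with the nonce claim of the ID token once it is decoded.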