Okta (OIDC - OpenID Connect)

https://www.okta.com/


Okta - Overview

You can configure Okta (OIDC, OpenID Connect) as an Identity Provider in Zitadel so that users can log in to the ConnectSecure portal with the external provider option during login.

Zitadel for ConnectSecure: https://authprod.myconnectsecure.com

ConnectSecure Portal: https://portal.myconnectsecure.com


Okta - Setup

Register New Client

  1. Log in to your Okta account and visit the applications list at {your-okta-domain}/admin/apps/active

  2. Click on ‘Create App Integration’ and choose ‘OIDC - OpenID Connect’

  3. Choose Web Application as Application Type and give it a name

  4. Add the sign-in redirect URIs

  5. Select the sign-in method as OpenID-Connect

  6. Select Application Type as Web Application

  7. Sign-in redirect URLs: {your-domain}/ui/login/login/externalidp/callback

Example: for the domain https://acme-gzoe4x.zitadel.cloud the URL would look like this:

https://acme-gzoe4x.zitadel.cloud/ui/login/login/externalidp/callback

  8. Select your Assignments for the Controlled Access settings.

  9. Copy the Client ID and Client Secret.

  10. Click on the Sign On tab, scroll down to OpenID Connect ID Token and click Edit. Set the Okta URL as the Issuer and save; the Issuer URL can then be copied from here.

  11. Copy the Issuer URL and paste it into the Zitadel OIDC provider configuration.


Zitadel - Setup

Add Custom Login Policy

  1. Go to Settings and choose Login Behavior.

  2. Enable the attribute ‘External IDP Allowed’

  3. Go to the Identity Providers page and select the Generic OIDC tile

  4. Enter a Name, the Issuer URL, and the Client ID.

Field                     Description

Name                      Give the OIDC provider a name. Example: Okta

Issuer                    The domain of your Okta account. Example: https://trial-1925566.okta.com

Client ID                 Generated from the application created in Okta; see the Client ID and Client Secret step under Register New Client above.

Scopes                    The scopes openid, profile and email are preconfigured.

Automatic Creation        If this setting is enabled, the user will be created automatically within Zitadel if it does not exist yet.

Automatic Update          If this setting is enabled, the user will be updated in Zitadel if user data is changed within the provider. Example: if the last name is changed in Okta, the Zitadel account is updated on the next login.

Account Creation Allowed  This setting determines whether account creation within Zitadel is allowed.

Account Linking Allowed   This setting determines whether account linking is allowed. When logging in with an Okta account, a linkable Zitadel account has to exist already.
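As an added example (not part of the original article or of Zitadel's or Okta's code), the following Python script checks the values entered in the Generic OIDC tile offline: that the configured Issuer exactly matches the issuer announced by a discovery document (here a constructed sample standing in for {issuer}/.well-known/openid-configuration), that the preconfigured scopes are offered, and that the redirect URI for a Zitadel domain follows the pattern given above.

```python
# Added example: offline check of Generic OIDC tile values (not ConnectSecure/Zitadel code).
from urllib.parse import urlparse

# Constructed sample of what an Okta discovery document contains; endpoint paths are placeholders.
SAMPLE_DISCOVERY = {
    "issuer": "https://trial-1925566.okta.com",
    "authorization_endpoint": "https://trial-1925566.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://trial-1925566.okta.com/oauth2/v1/token",
    "jwks_uri": "https://trial-1925566.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}

REQUIRED_SCOPES = ("openid", "profile", "email")  # preconfigured by Zitadel
REQUIRED_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def redirect_uri(zitadel_domain: str) -> str:
    """Build the sign-in redirect URI that Okta must allow for a Zitadel instance."""
    return zitadel_domain.rstrip("/") + "/ui/login/login/externalidp/callback"


def check_issuer(configured_issuer: str, discovery: dict) -> list[str]:
    """Return a list of problems; an empty list means the configuration is consistent."""
    problems = []
    parsed = urlparse(configured_issuer)
    if parsed.scheme != "https":
        problems.append("issuer must use https")
    if parsed.query or parsed.fragment:
        problems.append("issuer must not contain a query or fragment")
    # OIDC Discovery requires the announced 'issuer' to equal the configured value exactly;
    # a trailing slash or a different authorization-server path is a mismatch.
    if discovery.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: configured {configured_issuer!r}, "
                        f"discovered {discovery.get('issuer')!r}")
    for key in REQUIRED_KEYS:
        if key not in discovery:
            problems.append(f"discovery document lacks {key}")
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("authorization code flow not supported")
    missing = [s for s in REQUIRED_SCOPES if s not in discovery.get("scopes_supported", [])]
    if missing:
        problems.append("scopes not supported: " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    print(redirect_uri("https://acme-gzoe4x.zitadel.cloud"))
    print(check_issuer("https://trial-1925566.okta.com", SAMPLE_DISCOVERY) or "OK")
    print(check_issuer("https://trial-1925566.okta.com/", SAMPLE_DISCOVERY))
```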

Activate Identity Provider

Once you create the provider, it will be listed in the Identity Providers overview. Activate it by selecting the tick icon whose tooltip reads "set as available".

If you deactivate a provider, your users with a link to it will not be able to authenticate. You can reactivate it, and the login will work again.


Access the ConnectSecure Portal Using External Authentication

  1. Browse to https://portal.myconnectsecure.com

  2. Enter your Tenant Name and tap Use External Authentication

  3. Select the OIDC Identity Provider (Okta)

  4. If a user already exists, link the user. If the user does not exist, register a new user.


Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

https://cybercns.freshdesk.com/en/support/login