
Configuring Okta as Identity Provider

To configure Okta as the identity provider, you need to do the following:

  1. Creating an Okta Application That Will Serve as Identity Provider: We register an application in Okta to use the service as an external identity provider. 

  2. Registering Our Okta Application in the IGEL Customer Portal: This will enable IGEL Cloud Services to use our Okta Application as the external identity provider.

  3. Configuring roles: We make the user role information available to the Default Directory Rules feature of the UMS.

Creating an Okta Application That Will Serve as Identity Provider

  1. Log in to Okta with your admin account, and from the Applications menu, select Applications > Create App Integration.

  2. Edit the settings as follows and then click Next. 

    • Set Sign-in method to OIDC.

    • Set Application type to Web Application.

  3. Edit the settings as follows and then click Save.

    • Under App integration name, enter a name for your application, e.g. "IGEL Onboarding Service".

    • Make sure that as the Grant type, the option Authorization Code is selected.

    • Under Sign-in redirect URIs, enter "https://obs.services.igel.com/".

    • Under Assignments, depending on your company policy, either allow everyone or select an existing group configured under Directory > Groups. You can change this configuration after creating the app integration under the Assignments tab of the application.

      The app integration is created.

  4. Select the General tab and then click Edit.

  5. Under Client authentication, select Client secret, and make sure that under Proof Key for Code Exchange (PKCE), the option Require PKCE as additional verification is enabled. Afterward, click Save.

    The client secret is created.

Registering Our Okta Application in the IGEL Customer Portal

  1. Open the IGEL Customer Portal in your browser, log in to your admin account, and select Users > IGEL OS IdP.

  2. Click Register IGEL OS IdP.


  3. Enter a Display name. This is the name under which your identity provider app will be displayed.


  4. Change to the tab with your Okta app, go to the General tab and copy the Client ID.

  5. Change to the IGEL Customer Portal (IGEL OS Identity Provider (IdP) Registration) tab and paste the client ID into the field Client ID.


  6. Change to the tab with your Okta app, go to the General tab and copy the Client Secret.


  7. Change to the IGEL Customer Portal (IGEL OS Identity Provider (IdP) Registration) tab and paste the client secret into the field Client secret.


  8. To get the Authorization Endpoint URL and Token Endpoint URL, enter the following into your browser: https://<yourOktaOrg>/.well-known/openid-configuration
    Example: https://dev-xxxxxx-admin.okta.com/.well-known/openid-configuration


  9. Copy and paste the values into the Authorization Endpoint URL and Token Endpoint URL fields one by one.


  10. To add a domain, click Add, enter the Domain name, and then click Add in the dialog.


  11. Click Submit.
    The data record is created.
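Steps 8 and 9 have you read the two endpoint URLs out of the Okta discovery document by hand. The following script is an added example (not IGEL's or Okta's code): it extracts the Authorization Endpoint URL and Token Endpoint URL from such a document and checks that the document actually advertises what the Okta app was configured with above (Authorization Code grant, client secret authentication, PKCE with S256). The discovery document below is a constructed sample cut down to the fields used here; to run it against your org, replace it with the JSON fetched from https://<yourOktaOrg>/.well-known/openid-configuration.

```python
import json
from urllib.parse import urlparse

# Constructed sample of an Okta discovery document, reduced to the fields
# this check uses; a real document carries many more keys.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://dev-xxxxxx.okta.com",
    "authorization_endpoint": "https://dev-xxxxxx.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://dev-xxxxxx.okta.com/oauth2/v1/token",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "grant_types_supported": ["authorization_code", "implicit", "refresh_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic",
                                              "client_secret_post", "none"],
    "code_challenge_methods_supported": ["S256"],
})


def endpoints_for_igel(discovery_json):
    """Return the two URLs to paste into the IGEL Customer Portal plus a list of
    problems; an empty list means the document matches the Okta app settings."""
    doc = json.loads(discovery_json)
    problems = []
    issuer = urlparse(doc.get("issuer", ""))
    if issuer.scheme != "https" or not issuer.netloc:
        problems.append("issuer is missing or not an https URL")
    result = {}
    for key in ("authorization_endpoint", "token_endpoint"):
        url = doc.get(key)
        if not url:
            problems.append(f"{key} missing from discovery document")
            continue
        parsed = urlparse(url)
        # Both endpoints must be on the issuer's own host over TLS; anything
        # else means the wrong document (or a modified one) is being read.
        if parsed.scheme != "https" or parsed.netloc != issuer.netloc:
            problems.append(f"{key} is not on the issuer host: {url}")
        result[key] = url
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response_type 'code' not supported")
    if "authorization_code" not in doc.get("grant_types_supported", []):
        problems.append("authorization_code grant not supported")
    auth_methods = set(doc.get("token_endpoint_auth_methods_supported", []))
    if not auth_methods & {"client_secret_basic", "client_secret_post"}:
        problems.append("token endpoint does not accept a client secret")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE with S256 not advertised")
    result["problems"] = problems
    return result
```

If `problems` is not empty, fix the Okta app settings or re-check which org URL you fetched before pasting the endpoints into the portal.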

Configuring Roles

For information, see: https://developer.okta.com/docs/guides/customize-tokens-returned-from-okta/main/
