Enterprise Authentication - Open ID Connect Setup

Integrate Astrato enterprise authentication with Open ID Connect

Written by Piers Batchelor
Updated over a week ago

Introduction

This article shows you how to integrate OpenID Connect (OIDC) with the Astrato enterprise authentication function. We're using OKTA as an example.

Setup Information

There are several stages to the setup process, so we've listed them here for you. In the instructions for each stage we've included a Checklist listing any information you need to enter, and any information you'll need to collect to complete the setup.

  • OKTA - You'll need to set up your OKTA workspace using the admin console app integration wizard, and generate a Client ID and Client secret to add in Astrato.

  • Astrato - The Astrato setup is managed in the Open ID Connect Setup page in the Enterprise Authentication section of the Administration pages. You'll need to enter a Connection Name, Issuer URL, Client ID, Client Secret and Identity provider domain.

OKTA

Checklist

  • Access to the OKTA Admin Console for your organization.

  • Your organization name and location.

  • App links - home page.

  • The Callback URL listed in the Setup page for OIDC in Astrato.

Create App Integration

To start the setup for OKTA, open the app integration wizard in the admin console (Figure 1).

  1. Open Applications in the left navigation menu, then select the Applications option.

  2. Click Create App Integration to open the create screen.

  3. Select OIDC as the Sign-in method.

  4. Select Web Application as the Application type, then click Next.

Figure 1: Create App Integration

Web App Settings

  1. When the New Web App Integration screen opens (Figure 2), enter the App integration name.

  2. Select Authorization Code as a Grant type.

  3. In Sign-in redirect URIs, enter the Callback URL listed on the Setup page in Astrato.

  4. In Sign-out redirect URIs, enter the URL for the app homepage.

  5. Select the Controlled access option that suits your organization best in Assignments, then click Save.

Figure 2: New Web App Integration

Summary

Once the settings are saved, the summary page should open, which contains the information you'll need to complete the setup.

In Client Credentials (Figure 3) note down the Client ID and Client secret.

Figure 3: Client Credentials

In General Settings (Figure 4) note down the Okta domain (this is the Issuer URL you'll need to complete the setup). You'll also see a list of the app integration settings in this section.

Figure 4: General Settings

Astrato

Checklist

  • The Client ID, Client Secret and Okta domain (Issuer URL) you've created in the OKTA setup.

Setup Page

  • Log in to the Astrato site.

  • Navigate to the Open ID Connect integration page using Administration > Enterprise Authentication > Open ID Connect (Figure 5).

Figure 5: Open ID Connect

Open the Setup page (Figure 6), and enter the configuration information:

  1. Connection name - this should be unique.

  2. Issuer URL - enter the value generated in OKTA.

  3. Client ID - enter the value generated in OKTA.

  4. Client secret - enter the value generated in OKTA.

  5. Identity URL - enter the domain name you've used for the setup.

  6. Click Create to save the setup details. You should receive a confirmation that the connection has been enabled.

Figure 6: Astrato Set Up
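
A pre-flight check for the Issuer URL and Callback URL used in the steps above, written as an added example (not Astrato or OKTA code). It compares the values against the provider's OpenID Connect discovery document; the sample hostnames, Callback URL and metadata are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample values; idp.example.com stands in for the Okta domain.
SAMPLE_ISSUER = "https://idp.example.com"
SAMPLE_CALLBACK = "https://app.example.com/oidc/callback"  # hypothetical Callback URL
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "response_types_supported": ["code"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
}

def discovery_url(issuer_url):
    """Location of the provider metadata defined by OpenID Connect Discovery."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"

def check_oidc_settings(issuer_url, callback_url, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    issuer = urlsplit(issuer_url)
    if issuer.scheme != "https" or not issuer.netloc:
        problems.append("issuer URL must be an absolute https URL")
    if issuer.query or issuer.fragment:
        problems.append("issuer URL must not carry a query or fragment")
    # The metadata's "issuer" must equal the configured value exactly;
    # a stray trailing slash can be enough to make token validation fail.
    if discovery.get("issuer") != issuer_url:
        problems.append("discovery 'issuer' does not exactly match the issuer URL")
    # grant_types_supported is optional; its default includes authorization_code.
    grants = discovery.get("grant_types_supported", ["authorization_code", "implicit"])
    if "authorization_code" not in grants:
        problems.append("provider does not advertise the authorization_code grant")
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("provider does not advertise response_type=code")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    callback = urlsplit(callback_url)
    if callback.scheme != "https" or not callback.netloc:
        problems.append("callback URL must be an absolute https URL")
    if callback.fragment or "*" in callback_url:
        problems.append("callback URL must not contain a fragment or wildcard")
    return problems

if __name__ == "__main__":
    print(discovery_url(SAMPLE_ISSUER))
    print(check_oidc_settings(SAMPLE_ISSUER, SAMPLE_CALLBACK, SAMPLE_DISCOVERY) or "OK")
```

To use it with real values, download the JSON served at the address returned by discovery_url() and pass the parsed document as the third argument.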

Delete

If you need to delete the connection, go to the bottom of the page, click Delete and confirm the deletion when the pop-up opens (Figure 7). Once the connection has been deleted, you'll see the Connect option appear again.

Figure 7: Delete Connection

SSO Login

Note: Once the connection has been enabled, your users will have to log in to Astrato using the SSO Screen. Any logins from other locations (e.g. LinkedIn) will return an error.

Enterprise Authentication Articles

You can find articles on Enterprise Authentication for Astrato in the Administration articles collection, including an Introduction and setup articles for other integrations.
