Features
Okta is able to perform the following actions automatically against our platform:
- Authenticate users when they log in via our web portal or apps.
Prerequisites
Before you configure provisioning, check the following in your platform account:
- Ensure you have added our Enterprise Toolkit option to your account, since this unlocks our Okta integration options. To enable Enterprise Toolkit, please contact support@amplusforms.com.
- Once Enterprise Toolkit is enabled, navigate to the Menu -> Organization Setup page and find the section titled "External User Authentication & Provisioning". Click the Add Connector link and select the "Okta" option from the list of available connectors. This saves the Organization Setup page and reloads it.
Create an OpenID Connect application
- Go to the Admin -> Applications area of your Okta account and then click "Add Application."
- Click the "Create New App" button and then select "Native" from the list of Platform options.
- Ensure OpenID Connect is the selected Sign on Method and then click "Create."
- Enter an Application Name. Preferably, use our platform name: Amplus Forms.
- Upload an optional Application Logo - you can get ours by right-clicking on our login page logo and using "Save Image As."
- Enter all Login Redirect URIs as noted from your Organization Setup page.
- Leave Logout Redirect URIs blank.
- Click the "Save" button to create your OIDC application. This will take you to more detailed configuration options.
General Settings
- Application Name - preferably use Amplus Forms.
- Application Type - must be "Native."
- Allowed Grant Types - only "Authorization Code" should be selected.
- Login Redirect URIs - enter all Login Redirect URIs as noted from your Organization Setup page.
- Logout Redirect URIs - leave blank.
- Make note of the Client ID value as seen under the Client Credentials section. You will need to input this into the given field on our platform to enable Single Sign On later.
- Client Authentication - ensure PKCE is selected.
Sign On
- Sign On Methods - OpenID Connect should be the only option selected.
- Signing Credential Rotation - should be left as "Automatic."
- Make note of the Issuer URL seen under the OpenID Connect ID Token section. You will need to input this into the given field on our platform to enable Single Sign On later.
- Claims - should be "Claims for this token include all user attributes on the app profile."
- Group Claim options should be left as default.
Assignments
- Assign users as desired - any user that requires login access on our platform or apps must be assigned to your OIDC app in Okta.
After creating and configuring your OIDC app in Okta, you must update the Okta connector configuration in our platform:
- Go to the Organization Setup page in our platform.
- Under the Manage Users with Okta option, input the Issuer URL and Client ID as noted during your Okta application setup process above.
- Save your changes.