For authentication via Okta, create a new App Integration in your Okta instance and configure it in the following way:
- Use "OIDC - OpenID Connect" authentication with the application type "Web Application"
- For Grant type, choose "Client acting on behalf of a user" via an "Authorization Code"
- Set the Sign-in redirect URL to https://app.ketryx.com/api/auth/callback/okta
- Set the Sign-out redirect URL to https://app.ketryx.com
- Make sure that all desired members of the organization are assigned to the app in Okta
- Configure the authentication provider in Ketryx using Okta's client ID, client secret, and issuer URL, as in the example below

In the advanced setting Authentication providers, set the following (based on a CLIENT_ID and CLIENT_SECRET retrieved from Okta, and an appropriate ORGNAME in the Okta URL):

    {
      "okta": {
        "clientId": "CLIENT_ID",
        "clientSecret": "CLIENT_SECRET",
        "issuer": "https://ORGNAME.okta.com",
        "allowDangerousEmailAccountLinking": true
      }
    }

The flag allowDangerousEmailAccountLinking can be set to allow users to authenticate via Okta even after they have created an account by logging in via email. This is secure as long as you trust your Okta instance to verify and report accurate email addresses.

Okta can also be configured to allow users to initiate a login to Ketryx directly from an Okta dashboard. Please contact Ketryx Support for assistance.
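
A pre-flight check for the settings described above, as an added example (not Ketryx or Okta code). The function name `check_okta_provider` and its finding strings are hypothetical, and the sample values are constructed; it flags unreplaced placeholders, an issuer or redirect URI that will not match exactly, and an enabled email-linking flag that should be a deliberate decision.

```python
import json
from urllib.parse import urlsplit

# Redirect URLs exactly as given on this page.
SIGN_IN_REDIRECT = "https://app.ketryx.com/api/auth/callback/okta"
SIGN_OUT_REDIRECT = "https://app.ketryx.com"
PLACEHOLDERS = ("CLIENT_ID", "CLIENT_SECRET", "ORGNAME")

def check_okta_provider(config_text, sign_in_uri, sign_out_uri):
    """Return findings for the provider JSON and the URIs entered in Okta."""
    try:
        okta = json.loads(config_text)["okta"]
    except (ValueError, KeyError, TypeError):
        okta = None
    if not isinstance(okta, dict):
        return ["config must be JSON with a top-level 'okta' object"]
    findings = []
    for key in ("clientId", "clientSecret", "issuer"):
        value = okta.get(key)
        if not isinstance(value, str) or not value.strip():
            findings.append(f"{key}: missing or empty")
        elif any(p in value for p in PLACEHOLDERS):
            findings.append(f"{key}: placeholder not replaced")
    issuer = okta.get("issuer")
    if isinstance(issuer, str) and issuer.strip():
        url = urlsplit(issuer)
        if url.scheme != "https" or not url.hostname:
            findings.append("issuer: must be an https URL")
        # OIDC clients compare the issuer string exactly with the token's
        # iss claim, so a stray slash or space can make validation fail.
        if issuer != issuer.strip() or issuer.endswith("/") or url.query or url.fragment:
            findings.append("issuer: whitespace, trailing slash, query or fragment")
    # Redirect URIs are matched exactly by the authorization server.
    if sign_in_uri != SIGN_IN_REDIRECT:
        findings.append("sign-in redirect URI differs from the documented value")
    if sign_out_uri != SIGN_OUT_REDIRECT:
        findings.append("sign-out redirect URI differs from the documented value")
    flag = okta.get("allowDangerousEmailAccountLinking", False)
    if not isinstance(flag, bool):
        findings.append("allowDangerousEmailAccountLinking: must be true or false")
    elif flag:
        findings.append("review: email linking on; trusts Okta-reported emails")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = '{"okta": {"clientId": "0oa-constructed", "clientSecret": "x", "issuer": "https://example-org.okta.com/"}}'
    print(check_okta_provider(sample, SIGN_IN_REDIRECT, "https://app.ketryx.com/"))
```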