
Okta Integration SSO Using OpenID

This article outlines how to set up AuditFindings for single sign-on (SSO) via Okta using OpenID Connect. The basic steps are:

  1. Obtain Okta configurations from your Okta server
  2. Enter Okta settings in AuditFindings
  3. Save and Sync. 
  4. Add users to the AuditFindings application within Okta.
  5. Within AuditFindings, Save and Sync to import users from Okta.

Each of these steps is explained below.

STEP 1 OBTAIN OKTA SETTINGS

The Okta settings are entered on the AuditFindings Administration > Single Sign On page. On that page you will need to enter the following:

  • Okta Domain
  • Client ID
  • API Token

Once these items are entered, the Login Link will be created that can then be used by Okta users. 

Okta-SSO-Settings.png

The following explains how to obtain each of these configuration items from your Okta server so they can be entered into AuditFindings.

OBTAIN OKTA DOMAIN

Get the Okta Domain for your Okta server: your Okta Administrator should have this information. It is the host name of your Okta org (for example yourcompany.okta.com, yourcompany.oktapreview.com, or a custom domain), without "https://" or a trailing path.

OBTAIN CLIENT ID

Create an AuditFindings Application to obtain a Client ID.  Below is the process to create an application and obtain the client ID.

Select Applications from the Applications menu.

Client_ID_-_Application_1.png

Select Add Application.

Client_ID_-_Application_2.png

Select Create New App

Client_ID_-_Application_3.png

Select WEB - OpenID Connect

Client_ID_-_Application_4.png

Enter the following settings on the OpenID Connect Integration page.

  • Application Name:  AuditFindings (or whatever you would like to call it)
  • Application Logo:  Optional, but our logo is uploaded to this help file.
  • Client acting on behalf of itself
    • Client Credentials: unchecked
  • Client acting on behalf of a user
    • Authorization Code: checked
    • Implicit (Hybrid)
      • Allow ID token with implicit grant type: checked
  • Login redirect URIs:  https://secure.auditfindings.com/member/login/okta (Okta only redirects to a URI that exactly matches this entry, so enter it verbatim)
  • Logout redirect URIs:  blank
  • Login initiated by:  Either Okta or App
  • Application visibility
    • Display application icon to users
  • Login Flow: Redirect to app to initiate login (OIDC Compliant)

Enable only the grant types listed above. The implicit grant returns the ID token in the URL fragment, which is why the OAuth 2.0 Security Best Current Practice discourages it; only the ID-token option is required here, so do not also enable access tokens with the implicit grant.

Screen_Shot_2018-03-01_at_11.40.52_AM.png 

The Client ID is near the bottom of the page in the Client Credentials section. 
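The settings above describe an Authorization Code login (with an ID token also allowed through the implicit grant) that returns to the registered redirect URI. The following is an added example, not AuditFindings' or Okta's own code, showing the checks a relying party performs with those values: building the authorization request, validating the callback (exact redirect URI and state), and checking the ID token's claims against the Okta Domain, Client ID and nonce. The Okta domain and client ID values are placeholders, and it is assumed that the org-level authorization server (https://<domain>/oauth2/v1) is used.

```python
"""Added example (not AuditFindings' or Okta's code): the Authorization Code
request and callback checks implied by the Okta app settings above.
Assumed for illustration: the Okta domain and client ID values, and that the
Okta org authorization server (https://<domain>/oauth2/v1) is used."""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Login redirect URI registered in the Okta app (from the article).
REDIRECT_URI = "https://secure.auditfindings.com/member/login/okta"


def new_login_state():
    """Per-login state (CSRF protection) and nonce (binds the ID token to this
    login). Both are stored server-side and checked when Okta redirects back."""
    return secrets.token_urlsafe(32), secrets.token_urlsafe(32)


def authorize_url(okta_domain, client_id, state, nonce):
    """Build the Authorization Code request (response_type=code). Okta will only
    redirect to a URI that exactly matches one registered on the app."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "nonce": nonce,
    }
    return f"https://{okta_domain}/oauth2/v1/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Check the redirect back from Okta and return the authorization code.
    Rejects callbacks to the wrong origin or path, a state that does not match
    the one issued for this login, and error responses."""
    u = urlparse(callback_url)
    if f"{u.scheme}://{u.netloc}{u.path}" != REDIRECT_URI:
        raise ValueError("callback did not arrive at the registered redirect URI")
    q = parse_qs(u.query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: stale login or cross-site request")
    if "error" in q:
        raise ValueError(f"Okta returned error: {q['error'][0]}")
    if "code" not in q:
        raise ValueError("no authorization code in callback")
    return q["code"][0]


def check_id_token_claims(claims, okta_domain, client_id, nonce, now=None):
    """Claim checks for the ID token obtained at the token endpoint (or, with the
    implicit option enabled, from the URL fragment). `claims` must come from a
    token whose signature was already verified against Okta's JWKS at
    https://<domain>/oauth2/v1/keys; this function does not verify signatures."""
    now = time.time() if now is None else now
    if claims.get("iss") != f"https://{okta_domain}":
        raise ValueError("issuer is not this Okta org")
    aud = claims.get("aud")
    if aud != client_id and not (isinstance(aud, list) and client_id in aud):
        raise ValueError("token was not issued to this client")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: token is not from this login")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims["sub"]
```

The state check is what stops a login started by someone else from being completed in your browser, and the nonce check is what ties an ID token delivered through the implicit grant to the login that requested it; neither replaces signature verification of the token itself.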

OBTAIN API TOKEN

An API token is displayed only once, when it is created. Copy it at that time; if it is not copied, it cannot be retrieved and a new token must be created. The token carries the permissions of the Okta administrator who creates it, so create it from an administrator account with the least privilege the sync needs rather than a Super Administrator, keep it out of shared documents and source control, and plan to rotate it. Okta also revokes API tokens that go unused for 30 days; because Save and Sync is run manually (Step 5), a token can lapse between syncs and will then need to be recreated.

Select API from the Security dropdown menu

API_-_Token_-_1.png

Select Create Token

API_-_Token_-_2.png

Name the token: AuditFindings

API_-_Token_-_3.png

Copy the token value:  This will be entered into AuditFindings SSO settings.

API_-_Token_-_4.png

In addition to the API token, the AuditFindings site must be added as a Trusted Origin so that Okta accepts requests coming from it.

Select Trusted Origins > Add Origin

API_-_Trusted_Origins_-_1.png

Configure the Origin Settings. The origin is the scheme and host of the AuditFindings site, https://secure.auditfindings.com, which is the same origin as the login redirect URI entered above.

API_-_Trusted_Origins_-_2.png 


STEP 2  ENTER INFORMATION INTO AUDITFINDINGS.COM SSO

OKTA_-_SSO_-_Config_-_1.png


Once the settings are entered, you will see that the Login Link is available.

Okta-SSO-Settings.png


STEP 3  SAVE AND SYNC

Clicking the Save and Sync button imports the users from Okta into User Management within AuditFindings. Every user assigned to the AuditFindings application in Okta is imported as an Active user at the Assignee level. An Administrator must log into AuditFindings and change a user's access level if that user should have access above the Assignee level.

STEP 4 ADD ADDITIONAL USERS TO OKTA AUDITFINDINGS APP

Add any additional users to the AuditFindings app within Okta. These users are imported into AuditFindings as Assignee-level users on the next sync.

STEP 5 SAVE AND SYNC

Within AuditFindings, the Save and Sync button must be clicked manually to import the newly assigned users from Okta; users are not pulled in on their own.
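What Save and Sync amounts to on the Okta side is a read of the users assigned to the AuditFindings application, authenticated with the API token, followed by a merge into the AuditFindings user list. The following is an added example, not AuditFindings' own sync code, showing that request and merge with a constructed Okta response so it runs offline. The Okta application id, the AuditFindings user record fields, and the rule that a re-sync leaves an already-imported user's level alone are assumptions for illustration (the article only says imported users start at the Assignee level and an administrator raises it afterwards).

```python
"""Added example (not AuditFindings' own code): what a Save and Sync step
amounts to against Okta's API, with a constructed response so it runs offline.
Assumed: the app's Okta application id (the 0oa... value in the app's URL in
the Okta admin console) and the AuditFindings user record fields, which are
hypothetical."""
import json


def app_users_request(okta_domain, app_id, api_token):
    """Request to list users assigned to the app. Okta API tokens are sent in the
    Authorization header with the SSWS scheme (never in the URL, so they do not
    land in access logs). Results are paginated: a `Link: <...>; rel="next"`
    response header must be followed to get every assigned user."""
    return {
        "method": "GET",
        "url": f"https://{okta_domain}/api/v1/apps/{app_id}/users",
        "headers": {
            "Authorization": f"SSWS {api_token}",
            "Accept": "application/json",
        },
    }


def sync_assignees(app_users_json, existing):
    """Merge Okta app assignments into the AuditFindings user list.
    Per the article every imported user starts at the Assignee level and an
    administrator raises it afterwards, so a re-sync must not reset it
    (assumption: users are matched on their Okta login and an existing record
    is left untouched). Returns the merged list and the logins newly added."""
    by_login = {u["login"]: dict(u) for u in existing}
    added = []
    for rec in json.loads(app_users_json):
        login = rec["credentials"]["userName"]  # Okta Application User object
        if login in by_login:
            continue
        by_login[login] = {"login": login, "okta_id": rec["id"], "level": "Assignee"}
        added.append(login)
    return list(by_login.values()), added


# Constructed sample response in the shape of Okta's /apps/{id}/users result.
SAMPLE_APP_USERS = json.dumps([
    {"id": "00u1aaaa", "status": "PROVISIONED",
     "credentials": {"userName": "alice@example.com"}, "profile": {}},
    {"id": "00u2bbbb", "status": "PROVISIONED",
     "credentials": {"userName": "bob@example.com"}, "profile": {}},
])

# Constructed existing AuditFindings users (hypothetical record shape):
# alice was imported on an earlier sync and then promoted by an administrator.
EXISTING = [{"login": "alice@example.com", "okta_id": "00u1aaaa", "level": "Administrator"}]


def demo():
    """Run the merge on the constructed data."""
    return sync_assignees(SAMPLE_APP_USERS, EXISTING)


if __name__ == "__main__":
    users, added = demo()
    print("added:", added)
    for u in users:
        print(u["login"], u["level"])
```

Running it adds only bob at the Assignee level and leaves alice's promoted level in place; running it a second time on the merged list adds nobody, which is the property a manual, repeatable Save and Sync needs.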

NOTES

Some key points about using Okta single sign-on:

Once configured, users are imported from the single sign-on system into AuditFindings by Save and Sync. These users are disabled by default; an administrator must enable them in AuditFindings before they can access the application.

A user could also have direct access to AuditFindings if an administrator sets a password within AuditFindings.com, or if the user resets or creates their own password. Such a local password bypasses Okta entirely, so an organization that wants Okta to be the only way in should not set local passwords for SSO users.

All single sign-on users are imported at the Assignee level. If an organization requires another level of access for a user, an administrator must change that user's level within AuditFindings.

If the single sign-on configuration is removed, the users remain within AuditFindings but can no longer access the system through single sign-on (a user who has a local password could still log in directly).

