Okta Single Sign-On
About Okta
Okta sign in and authentication software allows users to access all your systems through a centralized process. In addition, Okta consolidates your user and role creation, streamlining the infrastructure aspect of your onboarding process. In order to use this feature, your company must subscribe to the Okta service. Cloud Inventory can now connect to Okta, but it does not provide Okta services.
In addition to the information listed on this site, Okta has their own library of information available at https://developer.okta.com/
Create an Okta application meant for Cloud Inventory®
Before creating an Okta application for Cloud Inventory, confirm:
-
Access to the Cloud Inventory domain (https://<<clientname>>.dsicloud.com/).
-
Access to the Okta environment.
-
Status and usage of the current Okta environment.
Name your new application <<ClientName>> Cloud Inventory Users.
-
Open the Okta dashboard.
-
On the left-side menu, select Applications > Applications.
-
Enter your Client Credentials:
-
Client ID
-
Client Secret
Note: Never refresh your Client Secret. Doing so disconnects you from Cloud Inventory, and you must contact the Customer Support Center to initiate a reconnection process.
-
Enter the Okta Domain.
-
Enter <<ClientName>> Cloud Inventory Users in the App Integration Name field.
-
Under Application Type, select Web.
-
Select all the options under Grant Type.
-
Under the Refresh Token behavior options, select Use Persistent Token.
-
Enter the appropriate Sign-In and Sign-Out Redirect URIs.
Note: The redirect URIs are case-sensitive. Note especially in the second bullet that "Default.aspx" uses a capital D.
-
Sign-In Redirect URIs are formatted as:
-
Domain/
-
Domain/Default.aspx
-
https://www.cloudinventory.com/authorization-code/callback
-
Domain:3005
-
For example, if your domain is https://test90.cloudinventory.com/, then your Sign-In Redirect URIs are:
-
https://test90.cloudinventory.com/
-
https://test90.cloudinventory.com/Default.aspx
-
https://www.cloudinventory.com/authorization-code/callback
-
https://test90.cloudinventory.com:3005
Note: If any of the URLs are missing or inappropriately formatted, users receive a 404 error on the Okta login screen.
-
Sign-Out Redirect URIs are formatted as:
-
Domain/
-
Domain/Default.aspx
-
https://www.cloudinventory.com/Account/PostLogout
-
Domain:3005
-
For example, if your domain is https://test90.cloudinventory.com, then your Sign-Out Redirect URIs are:
-
https://test90.cloudinventory.com/
-
https://test90.cloudinventory.com/Default.aspx
-
https://www.cloudinventory.com/Account/PostLogout
-
https://test90.cloudinventory.com:3005
Note: The redirect URLs must be configured correctly to ensure proper functionality during the sign-in and sign-out processes.
-
Under the Login initiated by option, select App Only.
-
Enter https://<<clientname>>.cloudinventory.com/ as the Initiate login URI. For example: https://test90.cloudinventory.com/
-
Save your changes.
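A check for the redirect URI lists described in the steps above, as an added example that is not part of the original page or the vendor's tooling: it builds the four expected sign-in or sign-out URIs for a tenant domain and reports entries that are missing, nearly match, or fall outside the documented set. The function names and the sample list are constructed for illustration, and treating a trailing-slash difference as a mismatch is an assumption.

```python
from urllib.parse import urlsplit

# Fixed callback URLs exactly as listed in the steps above.
FIXED = {
    "sign-in": "https://www.cloudinventory.com/authorization-code/callback",
    "sign-out": "https://www.cloudinventory.com/Account/PostLogout",
}


def expected_uris(domain, kind):
    """Return the four redirect URIs the steps list for one tenant domain."""
    parts = urlsplit(domain)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("domain must be an https:// URL")
    base = "https://" + parts.hostname
    return [base + "/", base + "/Default.aspx", FIXED[kind], base + ":3005"]


def _loose(uri):
    # Ignore case and a trailing slash so near-misses can be paired up.
    return uri.lower().rstrip("/")


def audit_redirect_uris(domain, kind, configured):
    """Compare configured URIs with the expected list using exact matching."""
    expected = expected_uris(domain, kind)
    by_loose = {_loose(c): c for c in configured if c not in expected}
    findings = []
    for uri in expected:
        if uri in configured:
            continue
        near = by_loose.pop(_loose(uri), None)
        findings.append(("mismatch", uri, near) if near else ("missing", uri, None))
    # Whatever is left widens the redirect allow-list beyond the documented set.
    findings += [("unexpected", None, c) for c in by_loose.values()]
    return findings


# Constructed sample: what an admin might have typed for the test90 example.
SAMPLE = [
    "https://test90.cloudinventory.com/",
    "https://test90.cloudinventory.com/default.aspx",   # lowercase d
    "https://www.cloudinventory.com/authorization-code/callback",
    "https://test90.cloudinventory.com:3005/",          # extra trailing slash
    "http://localhost:8080/callback",                   # leftover test entry
]
```

Running `audit_redirect_uris("https://test90.cloudinventory.com/", "sign-in", SAMPLE)` flags the lowercase `default.aspx`, the trailing slash on the port entry, and the leftover localhost entry.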
Create a new group for Cloud Inventory® users in Okta
Groups enable you to set specific permissions for multiple users without having to manually select those permissions for each user.
-
Open the Okta dashboard.
-
On the left-side menu, select Directory > Groups.
-
Select Add Group.
-
Enter <<Client Name>> Cloud Inventory User Group in the Name and Description fields.
-
Select Add Group.
Add appropriate client users to the Okta group
Add only users who log into Cloud Inventory to the Okta group. For example, do not add staff from the Human Resources department to the group because they do not use the Cloud Inventory platform.
-
Open the Okta dashboard.
-
On the left-side menu, select Directory > Groups.
-
Select the group you created from the list.
-
Select the Manage People option.
-
In the Not Members column, hover over the username you want to add.
-
Select the plus sign to move the user to the Members column.
-
Repeat steps 5 and 6 to add more users.
-
Once you have added all the users you need to, select Save.
Assign Okta groups to applications
Once you create and add users to a group, assign the group to Cloud Inventory applications. This process enables you to add application permissions to new users by simply adding the user to the group, rather than granting application permissions one at a time.
-
Open the Okta dashboard.
-
On the left-side menu, select Applications > Applications.
-
In the application list that opens, select the applications you want to associate to the Okta group.
-
Select Assignments.
-
Select Assign > Assign to Groups. From the list of available groups, select the groups to associate and select Assign.
-
Ensure the status field switches to Assigned.
-
Select Done.
Configure Cloud Inventory® security settings to accept Okta
This process takes the credentials from your Okta instance and adds them to your Cloud Inventory platform.
-
From the left menu in Cloud Inventory, select Admin > Configuration > Security Settings.
-
Select the OAuth Login tab.
-
Select the Enable Okta Sign In option.
-
Complete the fields in the tab (shown in the image below):
-
Client ID
-
Client Secret
-
Okta Domain
-
Okta Server ID
-
Okta API Token
Note: The following images demonstrate where to find the information to complete the OAuth Login fields above.
1. Client ID: Applications > Applications > General > Client ID field
2. Client Secret: Applications > Applications > General > Client Secrets > Secret field
3. Okta Domain: Security > API > Authorization Server > Issuer field
4. Okta Server ID: Security > API > Authorization Servers > default name > Audience field
5. Okta API Token: Security > API > Tokens > SAML OAuth Token > Token ID field
Note: These values are provided by the customer.
-
Select Save.
Sign in to Mobile Client using Okta
-
Open Mobile Client on your device.
-
Select the Sign In With Okta button.
-
Enter your Username and select OK.
-
Enter your Password and select Sign In.
-
If you have access to more than one Environment, choose your environment and select OK.
Synchronize Okta users
Manual Okta user synchronization
-
From the left menu in Cloud Inventory, select Admin > Configuration > Security Settings.
-
Select the OAuth Login tab.
-
Select Sync User.
-
Save your changes.
Automatic Okta user synchronization
Configure Cloud Inventory for automatic synchronization:
-
Select Admin > Configuration > Security Settings.
-
Select the OAuth Login tab.
-
Select the Auto Sync option.
-
Save your changes.
Navigate to the OAuth User Settings:
-
From the left menu in Cloud Inventory, select Admin > Configuration > Security Settings.
-
Select the General tab, then OAuth User Setting.
-
Select the Run Auto Okta User Sync option.
-
Save your changes.
Ongoing Maintenance
Add all users to new group
-
Open the Okta dashboard.
-
On the left-side menu, select Directory > Groups.
-
Select the group from the list.
-
Select Manage People.
-
In the Not Members column, select the username for the person you want to add to the group.
-
Select the plus icon to move the user to the Members column.
-
Repeat steps 5 and 6 until you have added all the users you need to the Members column.
-
Select Save.