Configuring Addigy Identity with Okta enables end users to log into their macOS devices using their Okta credentials. For more details on Addigy Identity visit our Addigy Identity Overview article.
Enabling Addigy Identity
To enable Addigy Identity, navigate to Account > Integrations > Addigy Add-ons. Click on Addigy Identity and toggle on the 'Enabled' switch at the top right. Once enabled, you will see a green outline and a green checkmark appear as shown in the screenshot below:
Select Okta as your identity provider within a policy
- After Addigy Identity is enabled, navigate to Policies > Integrations & Settings > Identity.
- Select Okta Authentication from the identity provider dropdown.
- Once selected, the Client ID, Domain, and Redirect URI fields will appear. Proceed to the next step to continue configuring Addigy Identity.
Note: Ensure you have admin level permissions in the Okta instance.
Register an Application under your Okta instance
1. Log in to Okta's Admin Console.
2. Go to Applications > Applications in the sidebar.
3. Click Create App Integration.
4. A window for creating a new app integration should appear.
- Select OIDC - OpenID Connect as the Sign-in method.
- For Application type, select Native Application then click Next.
5. A New Native App Integration form should appear, starting with General Settings.
- Enter the App integration name, such as Addigy Identity.
- Optionally, upload a logo.
- For Grant Type leave Authorization Code as default.
- Next, for the Sign-in redirect URIs section, click the Add URI button.
- Start by typing https://addigy- into the designated field.
- Next, locate your organization's Okta URL from the top right dropdown menu of your Okta dashboard, copy it, and then paste it into the same field.
- This process will create a URI that looks similar to: https://addigy-dev-XXXXXXXXX.okta.com
- Remove the default callback Sign-in Redirect URI and the Sign-out Redirect URI.
- Scroll down to the Assignments section to select the Control Access setting. Pick the option that works best for your organization.
- If you choose to Allow everyone in your organization to access, make sure you deselect Enable immediate access with Federation Broker Mode.
- Once your configuration matches the example below, click Save.
6. Now that application registration is complete, we need to save some values to use for the next step:
Under Client Credentials copy and save the Client ID for later.
Now locate your organization's Okta URL; you can access it from the top right dropdown menu.
Scroll down to the Login section to copy and save the Sign-in redirect URI.
Finalize Addigy Identity configuration
Enter the Client ID, Domain, and Redirect URI as shown in the screenshot below:
Use the Redirect URI value that was used in Okta for the Redirect URI field in Addigy. Example URI: https://addigy-dev-XXXXXXXXX.okta.com (be sure to keep the https:// prefix)
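The check below is an added example, not code from Addigy or Okta: it rebuilds the sign-in redirect URI from the Okta URL as described in the registration steps, then compares the value registered in Okta with the value entered in Addigy. The function names and the sample tenant `dev-00000000.okta.com` are constructed for illustration.

```python
from urllib.parse import urlsplit

PREFIX = "addigy-"  # typed before the Okta URL when building the redirect URI


def okta_host(okta_url):
    """Reduce a copied Okta URL to its bare host, tolerating a pasted scheme or slash."""
    value = okta_url.strip()
    if "://" not in value:
        value = "https://" + value
    host = urlsplit(value).hostname  # lower-cased by urlsplit, None if absent
    if not host:
        raise ValueError(f"no host found in {okta_url!r}")
    return host


def expected_redirect_uri(okta_url):
    """Build the sign-in redirect URI: https://addigy- followed by the Okta host."""
    return f"https://{PREFIX}{okta_host(okta_url)}"


def redirect_uri_problems(okta_url, okta_uri, addigy_uri):
    """Check the URI registered in Okta and the one entered in Addigy."""
    want_host = PREFIX + okta_host(okta_url)
    problems = []
    for where, uri in (("Okta", okta_uri), ("Addigy", addigy_uri)):
        parts = urlsplit(uri.strip())
        if parts.scheme != "https":
            problems.append(f"{where}: missing the https:// prefix")
        elif parts.netloc.lower() != want_host:
            problems.append(f"{where}: host is not {want_host}")
        elif parts.path or parts.query or parts.fragment:
            problems.append(f"{where}: extra path or query after the host")
    if okta_uri != addigy_uri:
        problems.append("Okta and Addigy redirect URIs are not the same string")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    org = "dev-00000000.okta.com"
    print("expected:", expected_redirect_uri(org))
    for problem in redirect_uri_problems(
        org, "https://addigy-dev-00000000.okta.com", "addigy-dev-00000000.okta.com/"
    ):
        print("problem:", problem)
```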
API Access Management
- If the organization pays for the API Access Management SKU with Okta, leave this check box enabled.
- If the organization does not pay for the API Access Management SKU, uncheck the box, leaving it disabled.
Customize Addigy Identity
You can customize Addigy Identity by enabling or disabling these settings:
Visit our Addigy Identity Overview article to see how each setting will impact the end user.
Collect User Attribute Data
You can Collect User Attribute Data by enabling this setting:
To configure User Attributes visit our Addigy Identity User Attributes for Okta article.
Login Window Theme
You can customize the Login Window Theme by uploading a background image and logo:
Scroll to the bottom of the page and click Save Changes.
Once the changes are saved and the policy deploys, Addigy Identity will install on end users' devices. After rebooting their device, end users will be able to seamlessly authenticate with their organizational email and password. Visit our Addigy Identity End User Experience article to see how Addigy Identity appears and functions on your end users' devices.