To configure Okta with Addigy Identity, follow this step-by-step guide, which incorporates the new instructions for registering your app in Okta. This process is essential for implementing authorization between Addigy and Okta. Ensure you have administrative access to both your Addigy and Okta accounts before beginning.
Prerequisites:
- The Addigy Identity integration is enabled.
- You have admin-level permissions in the Okta instance.
Step One: Register an Application under your Okta instance
1. Log in to Okta's Admin Console.
2. Go to Applications > Applications in the sidebar.
3. Click Create App Integration.
4. A Create a new app integration window should appear.
- Select OIDC - OpenID Connect as the Sign-in method.
- For Application type, select Native Application then click Next.
5. A New Native App Integration form should appear, starting with General Settings.
- Enter the App integration name, such as Addigy Identity.
- Optionally, upload a logo.
- For Grant Type, leave Authorization Code selected as the default.
- Next, in the Sign-in redirect URIs section, click the Add URI button.
- Start by typing https://addigy- into the designated field.
- Next, locate your organization's Okta URL from the top right dropdown menu of your Okta dashboard, copy it, and then paste it into the same field.
- This process will create a URI that looks similar to: https://addigy-dev-XXXXXXXXX.okta.com
- Remove the default callback Sign-in Redirect URI and the Sign-out Redirect URI.
- Scroll down to the Assignments section to select the Control Access setting. Pick the option that works best for your organization.
- If you choose Allow everyone in your organization to access, make sure you deselect Enable immediate access with Federation Broker Mode.
- Once your configuration matches the example below, click Save.
6. Now that application registration is complete, we need to save some values to use for the next step:
- Under Client Credentials, copy and save the Client ID for later.
- Locate your organization's Okta URL, which you can access from the top right dropdown menu.
- Scroll down to the Login section to copy and save the Sign-in redirect URI.
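Before entering the three saved values in Addigy, a quick consistency check catches the usual copy-and-paste slips (dropped https:// prefix, trailing slash, redirect host that does not match the org). This is an added example, not Addigy's or Okta's code; the function names and sample values are made up for illustration, and the -admin check assumes the Admin Console is served from `<org>-admin.okta.com`.

```python
from urllib.parse import urlsplit

def _split(value):
    """Parse a URL or bare hostname, assuming https when no scheme is given."""
    value = value.strip()
    return urlsplit(value if "://" in value else "https://" + value)

def expected_redirect_uri(okta_org_url):
    """Build the redirect URI the guide describes: https://addigy-<org host>."""
    return "https://addigy-" + (_split(okta_org_url).hostname or "")

def check_identity_values(client_id, okta_org_url, redirect_uri):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if client_id != client_id.strip() or not client_id:
        problems.append("Client ID is empty or has stray whitespace")
    org_host = _split(okta_org_url).hostname or ""
    if not org_host:
        problems.append("Okta organization URL has no host")
    elif org_host.split(".")[0].endswith("-admin"):
        # Assumption: the Admin Console is served from <org>-admin.okta.com.
        problems.append("Okta URL is the Admin Console host, not the org URL")
    raw = redirect_uri.strip()
    if not raw.lower().startswith("https://"):
        problems.append("Redirect URI must keep the https:// prefix")
    parts = _split(raw)
    if parts.path or parts.query or parts.fragment:
        problems.append("Redirect URI should be host only, as in the guide")
    if org_host and (parts.hostname or "") != "addigy-" + org_host:
        problems.append("Redirect URI host is not addigy-" + org_host)
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for p in check_identity_values("0oaCONSTRUCTED", "dev-12345678.okta.com",
                                   "addigy-dev-12345678.okta.com/"):
        print("FIX:", p)
```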
Step Two: Application Credentials for Addigy Identity Settings
1. Sign in to Addigy.
2. Go to Policies.
3. Select an existing policy or create a new one.
4. Click on the Integrations & Settings section.
5. Find and select the Identity tab towards the top.
6. In the dropdown pick Okta Authentication.
7. Now take the Client ID that you saved earlier from Okta and paste it into Addigy's equivalent Client ID field.
8. Input the Okta Organization URI into the Domain field in Addigy.
9. Use the Redirect URI value that was used in Okta for the Redirect URI field in Addigy. Example URI: https://addigy-dev-XXXXXXXXX.okta.com (be sure to keep the https:// prefix)
10. API Access Management
- If the organization pays for the API Access Management SKU with Okta, leave this check box enabled.
- If the organization does not pay for the API Access Management SKU, uncheck the box, leaving it disabled.
11. Don't forget to Save your configuration.
Example Identity Configuration with API Access Management
Optional Settings for Identity
Identity Settings
Addigy Identity Okta User Attributes