Configure SSO with Okta

Adaptiva integrates with Okta using the OpenID Connect (OIDC) protocol to provide single sign-on (SSO). In this setup, Okta acts as the identity provide (IdP) and manages user authentication, while Adaptiva relies on Okta to authenticate users and validate OIDC tokens. This allows your users to login with their Okta credentials adding an extra layer of security.

Below is a walkthrough on how to setup a relying party in Okta and then use the generated information to setup an OIDC provider in the OneSite Platform

Create an OIDC App Integration

1. Log in to the Okta Admin Console.

2. Navigate to Applications > Applications and click Create App Integration.

   
3. Select OIDC - OpenID Connect as the sign-in method.

4. Choose the application type:

   If using 9.2 select Single-Page Application (SPA)

   If using 9.3 or later select Web Application

   
5. Click Next.

Configure general settings

1. Provide an App Integration Name.

   • e.g., Adaptiva OIDC.

2. Configure Demonstration of Proof-of-Possession (DPoP) header if applicable.

3. Select the appropriate Grant Types:

   • Authorization Code (recommended for web apps)

   • PKCE (Proof Key for Code Exchange) for SPAs or native apps.

Sign-in Redirect URIs

1. Add the required Sign-in Redirect URIs where Okta will send authentication responses.

   https://AdaptivaServerFQDN[:PORT]/login/oidc-redirect

   Replacing AdaptivaServerFQDN and PORT with the specifics for your Adaptiva server.

   For 9.2 only, add a second redirect URI.

   https://AdaptivaServerFQDN[:PORT]/login/oidc-redirect/registration

2. (Optional) Add a Sign-out redirect URI.

   

Trusted Origins and Assignments

You can assign trusted origins for cross-origin requests if needed.

Assignments will be handled within the OneSite platform, so you can select Skip group assignment for now.

Save and retrieve credentials

1. Save the configuration to generate a Client ID and a Client Secret.

You will use the following in OneSite when configuring your OIDC:

• Authority - Base URI of the Okta OIDC Provider.

  By default when creating an Application, the Issuer URL is set to Dynamic. To change this to the Okta URL:

  1. Select the Sign On tab.

  2. Click Edit in the OpenID Connect ID Token.

  3. Select Okta URL from the Issuer dropdown.

  You'll want to make sure this URL matches exactly what you have for Authority in the Adaptiva OIDC settings.

  
• Client ID

• Client Secret - OneSite version 9.3 or above.

Assign User to Application

The OIDC Application is not assigned to the admin by default, so you will need to assign it to your user(s).

1. Select Directory > People from the side navigation.

2. Select + Add person and create a user.

3. Select the new or existing user.

4. Select the Assign Applications button and assign Adaptiva Okta.

5. Click Done.

Additionally you can view assigned users in your Application settings from the Assignments tab.

Create an OIDC provider

Follow the steps on the Configure OIDC page on how to setup the OIDC provider within the Adaptiva Admin Portal. The one-to-one translation of information that is specific to Okta is below:

• Authority - This is the base URL from Okta that should be in the format:

  https://<yourOktaDomain>

• Client ID - This is the Client ID from Okta.

If using 9.1-9.2:

• Client Authentication Type - Select Client Secret (Post) from the dropdown.

• Client Secret - This is the Client Secret from Okta.

  View from DUO Application dashboard:

  

  View from Adaptiva server settings:

  

Log in page

After Okta and the OneSite Platform have been federated using OIDC, an SSO button will appear on the login page. Once clicked, users will be redirected to a Okta login page and granted access to OneSite Platform.