Okta SSO Integration

01/2023 - rev 3

Overview

Oort’s platform can leverage your Okta instance for authentication into the Oort console. This allows you you fully manage administrator and read-only access to the Oort Dashboard.  Okta integration with Oort is set up using OpenID Connect (OIDC.)

Goal

The goal of this document is to serve as a guide to set up authentication with your Okta.   

Audience

This document is meant for the CISO to share with their teams to set up the integration with Okta for SSO integration.

Note - Collaboration with the Oort Customer Success team is required to complete the SSO integration via the exchange of Okta client secret.

Okta Integration

Okta SSO integration will be set up with an OpenID Connect style application.  The application will be configured in Okta and then assigned to users in the Okta directory.

Permission requirements for setting up Oort Dashboard SSO integration with Okta

To add the necessary configuration in Okta, you need to be one of the following:

• Super Administrator
• Organization Administrator
• Application Administrator

Setup Steps

There are 3 steps you need to go through to set up your SSO auth between Okta and Oort.

1. Add OIDC web application in Okta
2. Provide ClientID and Client Secret to Oort Customer Success or Support team (support@oort.io)
3. Assign application to users
4. Create an Okta bookmark app for your users

Add Application to Okta

Create App integration.

1. Go to Applications...Applications

   • Click on Create App Integration.

2. Please fill in the new app integration wizard as follows:

   1. Sign-in Method - OIDC - OpenID Connect
   2. Application Type - Web Application
   3. Click next

3. On the New Web App Integration page, complete the following:

• • App integration name = Oort Dashboard (or desired app name)

  • Grant type = Authorization Code

  • Sign-in redirect URIs

    • Oort staging tenants: ** https://login.stage.oort.io/login/callback**
    • Oort production tenants: ** https://login.oort.io/login/callback**

  • Sign-out redirect URIs = https://oort.io

    

• Assignments
• • Limit access to selected groups (if you would like to select a group)
  • Skip group assignment for now (if you would like to assign access later on)

Provide ClientID and Client Secret to Oort

Next, you will provide the Client ID and Client secret to Oort.

You will now be on the configured application screen.  On this screen, you will provide the Client ID and Client secret to Oort for setup in Oort’s backend.

• Client ID
• Client secret 

Assign application to users

If you did not assign the Oort Dashboard app to users during the app setup process, please assign the Oort Dashboard app to the appropriate users. 

Assign app to user:

1. Go to Directory...People
2. Click on Username that you would like to assign the app to
3. Click on Assign Applications
4. Select the Oort Dashboard and click Done

Add an Okta Bookmark App for Your Users

Oort strongly recommends creating a corresponding bookmark app in Okta for your Oort users to have quick access to the Oort console from their Okta dashboard.

Please see instructions here.

The Oort Customer Success or Support team will provide you with a specific URL for your tenant and SSO connection string. This will have the form of -

• Staging: https://dashboard.stage.oort.io/go?org=\[tenantUID]&connection=\[connectionString]
• Production: https://dashboard.oort.io/go?org=\[tenantUID]&connection=\[connectionString]