Okta - Overview
Okta - Setup
Register New Client
Log in to your Okta account and visit the applications list (<OktaDomain>/admin/apps/active).
Click on ‘Create App Integration’ and choose ‘OIDC - OpenID Connect’
Choose Web Application as Application Type and give it a name
Add the sign-in redirect URIs
Select the sign-in method as OpenID-Connect
Select Application Type as Web Application
Sign-in redirect URLs: {your-domain}/ui/login/login/externalidp/callback
Example: URL for domain https://acme-gzoe4x.zitadel.cloud would look like this:
https://acme-gzoe4x.zitadel.cloud/ui/login/login/externalidp/callback
Select your Assignment for Controlled Access settings.
Client ID and Client Secret
Click on the Sign On tab, scroll down, and click on OpenID Connect ID Token. Here you can edit the settings, set Okta URL as the Issuer, and save. The issuer URL can be copied from here.
Copy the Issuer URL and paste it under the Zitadel OIDC provider.
Zitadel - Setup
Add Custom Login Policy
Go to Settings and choose Login Behavior.
Enable the attribute ‘External IDP Allowed’
Go to the Identity Providers page and select the Generic OIDC tile.
Enter a Name, the Issuer URL, and the Client ID.
Field | Description |
---|---|
Name | Give the OIDC provider a name. Example: Okta |
Issuer | The domain of your Okta account. Example: https://trial-1925566.okta.com |
Client ID | Generated from the application created in Okta; see step 1 from Create New Application above |
Scopes | OpenID, Profile, and Email are preconfigured |
Automation Creation | If this setting is enabled, the user will be created automatically within Zitadel if the user does not exist. |
Automate Update | If this setting is enabled, the user will be updated in Zitadel if user data is changed within the provider. Example: if the last name is changed in Okta, the information will be changed in the Zitadel account on the next login. |
Account Creation Allowed | This setting determines whether account creation within Zitadel is allowed. |
Account Linking Allowed | This setting determines whether account linking is allowed. When logging in with an Okta account, a linkable Zitadel account has to exist already. |
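
The Issuer entered above has to match, character for character, the `issuer` value that Okta publishes at `<issuer>/.well-known/openid-configuration`, and the redirect URI registered in Okta has to match the callback path exactly. The following check is an added example, not code from ConnectSecure, Zitadel, or Okta; the function names are hypothetical and the discovery document is a constructed sample built from the example domains on this page.

```python
import json
from urllib.parse import urlsplit

CALLBACK_PATH = "/ui/login/login/externalidp/callback"  # path given on this page
REQUIRED_SCOPES = {"openid", "profile", "email"}        # scopes the page lists

def callback_url(zitadel_domain: str) -> str:
    """Build the sign-in redirect URI to register in Okta."""
    p = urlsplit(zitadel_domain)
    if p.scheme != "https" or not p.netloc or p.path not in ("", "/") or p.query or p.fragment:
        raise ValueError(f"expected a bare https origin, got {zitadel_domain!r}")
    return f"https://{p.netloc}{CALLBACK_PATH}"

def discovery_url(issuer: str) -> str:
    """OIDC Discovery location for an issuer."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(configured_issuer: str, doc: dict) -> list[str]:
    """Compare the Issuer entered in Zitadel with the provider's discovery document."""
    problems = []
    # OIDC Discovery requires an exact string match, trailing slash included.
    if doc.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: configured {configured_issuer!r}, "
                        f"provider reports {doc.get('issuer')!r}")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append(f"scopes not advertised: {sorted(missing)}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} missing or not https")
    return problems

# Constructed sample of a discovery document (not fetched from a real tenant).
SAMPLE_DOC = json.loads("""{
  "issuer": "https://trial-1925566.okta.com",
  "authorization_endpoint": "https://trial-1925566.okta.com/oauth2/v1/authorize",
  "token_endpoint": "https://trial-1925566.okta.com/oauth2/v1/token",
  "jwks_uri": "https://trial-1925566.okta.com/oauth2/v1/keys",
  "scopes_supported": ["openid", "profile", "email", "offline_access"]
}""")

if __name__ == "__main__":
    print(callback_url("https://acme-gzoe4x.zitadel.cloud"))
    print(discovery_url("https://trial-1925566.okta.com"))
    print(check_discovery("https://trial-1925566.okta.com", SAMPLE_DOC) or "OK")
    print(check_discovery("https://trial-1925566.okta.com/", SAMPLE_DOC))
```

To check a real tenant, save the JSON returned by the discovery URL to a file and pass the parsed document to `check_discovery` together with the Issuer value typed into Zitadel.
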
Activate Identity Provider
Once you create the provider, it will be listed in the Identity Providers overview. Activate it by selecting the tick with the tooltip set as available.
Access the ConnectSecure Portal Using External Authentication
Browse to https://portal.myconnectsecure.com
Enter your Tenant Name and tap Use External Authentication
Select the OIDC Identity Provider (Okta).
If a user already exists, link the user. If the user does not exist, register a new user.
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
https://cybercns.freshdesk.com/en/support/login