Usage Scenario

Single sign-on with Okta, with users authorized based on Okta group membership information

How to Set Up

Single Sign On with Okta

  1. Make sure your OneDev instance can be accessed publicly, and configure the public server URL in Administration / System Setting

    Configure Server Url

  2. Log in to Okta, switch to the organization administration page, and manage the applications

    Okta Your Org

    Okta Org Applications

  3. Add OneDev as a web application to get the client ID and secret

    Okta Client Credentials

  4. Switch to API / Authorization Servers to get the issuer URL

    Okta Issuer Uri

  5. On the OneDev side, switch to the page Administration / Single Sign On Providers and add a provider of type OpenID (Generic), using the information from the previous steps

    Add Okta Sso

  6. Save the provider, and copy the callback URL from the details page

    Okta Sso Details

  7. On the Okta side, edit the OneDev application added previously and paste the URL copied above into the field Login Redirect URLs. Also copy the OneDev server URL into the field Initiate Login URI

    Okta Set Callback Url

  8. Now sign out, and a button Login with Okta will appear at the bottom of the login page. Anyone in your Okta organization assigned to the OneDev application will be able to log in via this button

    Okta Login Button

Authorize Users Based On Okta Group Membership Information

  1. On the OneDev side, edit the Okta single sign-on provider, and specify the groups claim as groups

    Okta Sso Groups Claim

  2. On the Okta side, switch to the page API / Authorization Servers, and select the corresponding authorization server to add the groups scope

    Okta Add Groups Scope

  3. Continue to add a groups claim to be included in the ID token and the groups scope, like below

    Okta Add Groups Claim

  4. On the OneDev side, switch to the page Administration / Group Management, add the necessary Okta groups (with the same names) and assign appropriate permissions

  5. Now users signed in via Okta will be added to the corresponding groups on the OneDev side and get the appropriate permissions
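
To check the group setup above before relying on it for permissions, you can inspect an ID token issued for the OneDev application. The following is an added example, not OneDev or Okta code: it checks that the token carries the groups claim and shows which Okta groups have a same-named OneDev group. The issuer URL, client id, group names, helper names and exact-match comparison are assumptions, and the sample token is constructed.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    return json.loads(b64url_decode(parts[1]))

def check_group_mapping(claims, issuer, client_id, onedev_groups, groups_claim="groups"):
    """Return (problems, matched, unmatched) for a decoded ID token."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the configured issuer URL")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        problems.append("aud does not contain the client id")
    groups = claims.get(groups_claim)
    if groups is None:
        problems.append(f"claim '{groups_claim}' missing: check scope and claim setup")
        groups = []
    elif not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        problems.append(f"claim '{groups_claim}' is not a list of strings")
        groups = []
    # Assumption: groups are matched by exact, case-sensitive name.
    matched = sorted(set(groups) & set(onedev_groups))
    unmatched = sorted(set(groups) - set(onedev_groups))
    return problems, matched, unmatched

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

ISSUER = "https://example.okta.com/oauth2/default"  # placeholder issuer URL
CLIENT_ID = "0oa-placeholder-client-id"              # placeholder client id
SAMPLE = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "00u-sample",
                            "groups": ["Developers", "Everyone"]})

if __name__ == "__main__":
    print(check_group_mapping(decode_claims(SAMPLE), ISSUER, CLIENT_ID,
                              ["Developers", "Admins"]))
```

Groups reported as unmatched have no same-named group on the OneDev side, so they grant no permissions until such a group is added under Administration / Group Management.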
