Configure Okta OIDC
To set up Okta OIDC SSO in DronaHQ, you will need:
- An Okta account with permissions to create an OIDC integration Application.
- Manage Users access on a self-hosted DronaHQ instance or on DronaHQ Cloud, to set up SSO configurations.
Configure in OKTA
- Navigate to the OKTA dashboard. From the left side menu, go to Applications -> Applications.
- Create App Integration and configure the app with the field options below:
| Field | Value |
| --- | --- |
| Sign-on method | OIDC - OpenID Connect |
| Application type | Web Application |
| App Integration Name | Give a suitable name to your application. Eg - |
| Logo | (optional) You can provide a logo for your app. |
| Grant type | Under Client acting on behalf of a user, select |
| Sign-in redirect URIs | https://YOUR_DRONAHQ_DOMAIN/callback/oauth . Go to |
| Controlled access | Select the access option accordingly. For instance, if you want a specific group of people to access apps, you can get that done using the |
- After the app gets created, you can see Client Secret. Below this, you can see Okta domain. These will be useful in configuring OKTA OIDC in DronaHQ.
Once the app is created, you can keep a note of Client ID and
Also, make note of Okta domain shown below.
Configure in DronaHQ
- Go to Manage Users -> SSO Configuration -> + ADD SSO -> OIDC - OpenID Connect.
- Fill in the form with the fields below:
| Field | Value |
| --- | --- |
| Name | Provide a friendly name for this SSO configuration. |
| Restricted Domain | Enter the domain name with which you want your users to log in for this SSO configuration. You can add multiple domain names as well. eg - |
| Scope | OAuth scope values, separated with a comma or space, for the data you want DronaHQ to access. For eg - |
| Authorization Request | Authorization endpoint for your OpenID OKTA SSO provider. In this URL - |
| Access Token Request | Token endpoint for your OpenID OKTA SSO provider. In this URL - |
| Refresh Token Request | Token endpoint for your OpenID OKTA SSO provider. In this URL - |
| Add Claim List | You can map your |
| Enable JIT user provisioning | Just in time (JIT) user provisioning enables DronaHQ to provision user accounts when users sign in via SSO for the |
- Save the draft. Navigate back to the SSO configuration option. You can see the newly created OAuth.
- Click the Test SSO button; it opens the SSO login URL in a popup window.
- Once you log in successfully, and if everything is set up correctly, you will see a success message at the bottom.
- Now that testing is successful, click the more option for the above SSO configuration and click Activate to make it live.
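
A pre-flight check for the form values described above, as an added example that is not part of the original page or DronaHQ's own code: it reads the provider's OIDC discovery document and refuses endpoints that are not HTTPS on the expected Okta domain, a scope list without `openid`, or a redirect URI that does not end in `/callback/oauth`. The function names, the sample discovery document and the domains `example.okta.com` and `apps.example.com` are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OIDC discovery document, as served at
# https://<okta-domain>/.well-known/openid-configuration (placeholder domain).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "scopes_supported": ["openid", "email", "profile", "offline_access"],
})


def _https_host(url):
    """Return the lowercase host of an https URL, or None if it is not https."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower()


def sso_form_values(discovery_json, okta_domain, scope, redirect_uri):
    """Map discovery metadata to the DronaHQ form fields, rejecting bad values."""
    meta = json.loads(discovery_json)
    okta_domain = okta_domain.lower()
    problems = []
    for key in ("issuer", "authorization_endpoint", "token_endpoint"):
        if _https_host(meta.get(key, "")) != okta_domain:
            problems.append(f"{key} is not an https URL on {okta_domain}")
    requested = scope.replace(",", " ").split()  # comma or space separated
    if "openid" not in requested:
        problems.append("scope must include 'openid' for OIDC")
    unsupported = sorted(set(requested) - set(meta.get("scopes_supported", [])))
    if unsupported:
        problems.append(f"scopes not advertised by provider: {unsupported}")
    redirect = urlsplit(redirect_uri)
    if redirect.scheme != "https" or redirect.path != "/callback/oauth":
        problems.append("redirect URI must be https://<domain>/callback/oauth")
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "Authorization Request": meta["authorization_endpoint"],
        "Access Token Request": meta["token_endpoint"],
        "Refresh Token Request": meta["token_endpoint"],  # same token endpoint
        "Scope": " ".join(requested),
    }
```

Running this before Test SSO catches a mistyped or non-HTTPS endpoint before any client secret is sent to it.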
OKTA OAuth in Action
Simply go to the DronaHQ end-user web app and enter your email ID with a domain that matches the restricted domain specified in the SSO configuration and Click
Instead of asking for a password, it asks you to log in via the Okta OIDC SSO provider. Click on it; an Okta popup window opens, and the user can log in with Okta login credentials.
Manage User section on DronaHQ and you will see the new user created since JIT was enabled.