Integrating Okta
  • 03 May 2022

Integrating Okta is a two-step process.

What You Need to Integrate Okta

All you need to integrate Okta is an Okta developer account. If you don't have an Okta developer account yet, you can open one on developer.okta.com.

Step 1. Adding Your Okta Application

  1. Log in to your Okta developer account.

  2. Click Applications > Add Application.


  3. Select the Web application type.


  4. Complete the Application details as shown below.
    Make sure you use the correct details:
    Login Redirect URI - https://spaces.nexudus.com/authorization-code/callback
    Base URI - https://spaces.nexudus.com


Once saved, go back to the applications list and access the details of the application you've just created. Copy and save both the Client ID and the Client Secret. You'll need them to enable the Okta integration in Nexudus.


This Okta application will let users sign in to their Nexudus accounts as long as they are already a user in your Okta account.
You may also want to connect Okta with an identity provider, such as Microsoft or Google, to delegate the authentication process to the supported providers. You do this by adding an identity provider to your Okta developer account. Okta provides instructions for the different identity providers they support:

Once you have configured your identity provider, copy and save the identifier (IdP ID) Okta assigned to it.

You will need this ID along with the Client ID and Client Secret to enable the integration in Nexudus.

Step 2. Enabling the Okta Integration in Nexudus

The second step of the integration is to enable the Okta integration in your Nexudus account.

  1. If the navigation menu isn't visible, click the menu icon in the top left corner of the page.

  2. Click Settings > Integrations > Okta.

  3. Set the Enable toggle to YES.

  4. Set the Provision new users if they don't exist toggle to YES if you want to register your users as customers in Nexudus if they don't have an account yet.

  5. Set the Prevent users from using their Nexudus password to log in toggle to YES if you want your customers to only be able to use Okta to log in to their Nexudus account.
    This means the Nexudus login page will automatically redirect users to Okta or the connected identity provider.

  6. Add text in the Sign in button label.
    The default text is "Sign in with Corporate Account".

  7. Add your Okta domain without "https://".
    You can also use your Okta custom domain if you have one.

  8. Add your Identity Provider Id (IdP ID).

  9. Add your Client ID.

  10. Add your Client Secret.

  11. Click the Save Changes button.


Okta is now integrated with Nexudus.

Your Nexudus login pages (Members Portal & Passport App) will present users with an additional login option labelled as Sign in with Corporate Account or the custom text you've added in the Sign in button label field.


Clicking on the sign-in link will redirect the user to the Okta sign-in flow. If you added a custom Identity Provider (e.g. Microsoft AD), then the user will be asked to log in using that provider. If the login is successful, the user is redirected to the Members Portal.

When the option Provision new users if they don't exist is enabled, if a user is successfully authenticated through Okta and they don't exist in your Nexudus customer database, we will automatically add them as contacts. We pull their email and full name from the data returned by the identity provider and register them in all locations in your network.

Okta and self-hosting Members Portal

If you are self-hosting the Members Portal, you will need to handle the Okta callback on your own domain and redirect it to the Nexudus endpoint, which handles the final step of the Okta authentication flow.

For example, when you receive a request to https://:your_custom_domain.com/authorization-code/callback you should forward it to https://:yourdomain.spaces.nexudus.com/authorization-code/callback.

You can easily achieve this in Next.js using a redirect page located in /pages/authorization-code/callback.js:

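import { Component } from "react";

// Redirect-only page: forwards the Okta callback to the Nexudus endpoint.
class OktaCallbackPage extends Component {
  render() {
    return null;
  }
}

OktaCallbackPage.getInitialProps = ({ query, res }) => {
  const your_nexudus_domain = "example";
  if (res) {
    // URLSearchParams percent-encodes each value, so nothing in the callback
    // parameters can add or override parameters in the forwarded URL.
    const params = new URLSearchParams({
      code: query.code ?? "",
      state: query.state ?? "",
      error_description: query.error_description ?? "",
    });
    res.writeHead(302, {
      Location: `https://${your_nexudus_domain}.spaces.nexudus.com/authorization-code/callback?${params}`,
    });
    res.end();
  }

  return {};
};

export default OktaCallbackPage;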
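
The forwarding step handles values that arrive from outside your application, so it is worth building the target URL in one place and checking it. The following is an added example, not Nexudus or Next.js code: buildNexudusCallbackUrl is a hypothetical helper, the list of forwarded parameters is taken from the snippet above, and the rule that a callback must carry a code or an error_description is an assumption.

```javascript
// Added example: hypothetical helper, not part of Nexudus or Next.js.
// Parameters forwarded to the Nexudus callback endpoint (same set as the page's snippet).
const FORWARDED_PARAMS = ["code", "state", "error_description"];

// A single DNS label: letters, digits, inner hyphens, at most 63 characters.
const DNS_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

function buildNexudusCallbackUrl(subdomain, query) {
  // The subdomain comes from your own configuration; validate it anyway so a
  // bad value can never change the host the browser is redirected to.
  if (!DNS_LABEL.test(subdomain)) {
    throw new Error("invalid Nexudus subdomain");
  }
  const target = new URL(
    `https://${subdomain}.spaces.nexudus.com/authorization-code/callback`
  );
  for (const name of FORWARDED_PARAMS) {
    const value = query[name];
    if (value === undefined) continue; // absent: never forward the text "undefined"
    // Next.js parses a repeated parameter into an array. Refuse it rather than
    // guess which copy the downstream endpoint would read.
    if (typeof value !== "string") {
      throw new Error(`repeated or malformed parameter: ${name}`);
    }
    target.searchParams.append(name, value); // percent-encodes the value
  }
  // Assumption: a usable callback carries a code or an error description.
  if (!target.searchParams.has("code") &&
      !target.searchParams.has("error_description")) {
    throw new Error("callback has neither code nor error_description");
  }
  return target.toString();
}

// Constructed sample query: the state value contains "&" and "=", and an
// unrelated parameter is present. Only the listed parameters are forwarded.
const sample = { code: "abc123", state: "xyz&code=other", utm_source: "ignored" };
console.log(buildNexudusCallbackUrl("example", sample));
```

In the redirect page, call the helper inside getInitialProps and answer with a 400 status instead of a redirect when it throws.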
