Integrating Okta
  • 01 Jun 2023
  • 3 Minutes to read
  • Dark
    Light

Integrating Okta

  • Dark
    Light

Article summary

What You Need to Integrate Okta

All you need to integrate Okta is a valid license and a developer account. You can open an Okta developer account from https://developer.okta.com.


Step 1. Creating your Okta Application

  1. Log in to your Okta developer account.

  2. Click Applications > Add Application.

  3. Select the OIDC - OpenID Connect option and then select Web Application.

Okta_OpenIDApp

  1. Fill out the New Web App Integration form as detailed below:

Okta_NewIntegrationForm

Fields/options that we haven't listed below can be filled out or left blank at your discretion.

App integration name

Nexudus 

Sign-in redirect URIs

https://spaces.nexudus.com/authorization-code/callback 

Sign-out redirect URIs

https://spaces.nexudus.com/login/logout

Base URIs

https://spaces.nexudus.com

Controlled access

Allow everyone in your organization to access
  1. Click the Save button. 


This Okta application will let users sign in to their Nexudus accounts as long as they are already a user in your Okta account.
You may also want to connect Okta with an identity providers, such as Microsoft or Google, to delegate the authentication process to the supported providers. You do this by adding a identity provider to your Okta developer account. Okta provides instructions for the different Identity Providers they support:

Once you have configured your identity provider, copy and save the identifier IdP ID Okta assigned to it.

Okta_IdPIDHighlight

You will need this ID along with your Client ID and Client Secret to enable the integration on the Admin Panel.

Step 2. Enabling the Okta Integration in Nexudus

The second step of the integration is to enable the Okta integration in your Nexudus account.

Okta_EnablingIntegration

  1. Log in to dashboard.nexudus.com if you aren't already.

  2. Click Settings > Integrations > Okta.

  3. Enable the Okta integration toggle.

  4. Enable the Create new users in Nexudus if they don't exist toggle if you want to register directory users as contacts in Nexudus if they don't have an account yet.

  5. Enable the Prevent users from using their Nexudus password to log in toggle if you want your customers to only be able to use Okta to log in to their Nexudus account.

This means the Nexudus login page will automatically redirect users to Okta or the connected identity provider.
  1. Add your Okta domain without https://.

You can also use your Okta custom domain if you have one.

  1. Add your Identity Provider Id (IdP ID) if you use one.

  2. Add your Client ID.

  3. Add your Client Secret.

  4. Add text in the Sign in button label.

The default text is Sign in with Corporate Account.

  1. Click the Save Changes button.


Okta is now integrated with Nexudus.

Your Nexudus login pages (Members Portal & Passport App) will present users with an additional login option labelled as Sign in with Corporate Account or the custom text you've added in the Sign in button label field in step 11.

Clicking on the sign in link will redirect the user to the Okta sign in flow. If you added a custom Identity Provider (i.e. Microsoft AD), then the user will be asked to log in using that provider. If the login is successful, the user is redirected to the Members Portal.

When the option Provision new users if they don't exist is enabled, if a user is successfully authenticated through Okta and they don't exist in your Nexudus customer database, we will automatically add them as contacts. We pull their their email and full name from the data returned by the identity provider and register them in all locations in your network.

Okta if you're self-hosting your Members Portal

If you are self-hosting your Members Portal, you need handle the Okta callback using your own domain and redirect it to the Nexudus endpoint to let it handle the final step of the Okta authentication flow.

For example, when you receive a request to https://:your_custom_domain.com/authorization-code/callback you should forward it to https://:your_custom_domain.spaces.nexudus.com/authorization-code/callback.

You can easily achieve this in NextJS using a redirect page located in /pages/authorization-code/callback.js

class OktaCallbackPage extends Component {}

OktaCallbackPage.getInitialProps = ({ asPath, query, res }) => {
  const your_nexudus_domain = "example";
  if (res) {
    res.writeHead(302, {
       Location: `https://${your_nexudus_domain}.spaces.nexudus.com/authorization-code/callback?code=${query.code}&state=${query.state}&error_description=${query.error_description ?? ''}`
    });
    res.end();
  }

  return {};
};

export default OktaCallbackPage;

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence