Login
    Contents x
    Integrating Okta
    • 01 Jun 2023
    • 3 Minutes to read
    Contents

    Integrating Okta

    • Updated on 01 Jun 2023
    • 3 Minutes to read
    Article Summary

    What You Need to Integrate Okta

    All you need to integrate Okta is a valid license and a developer account. You can open an Okta developer account from https://developer.okta.com.

    Step 1. Creating your Okta Application

    1. Log in to your Okta developer account.

    2. Click Applications > Add Application.

    3. Select the OIDC - OpenID Connect option and then select Web Application.

    Okta_OpenIDApp

    1. Fill out the New Web App Integration form as detailed below:

    Okta_NewIntegrationForm

    Fields/options that we haven't listed below can be filled out or left blank at your discretion.

    App integration name

    Nexudus

    Sign-in redirect URIs

    https://spaces.nexudus.com/authorization-code/callback

    Sign-out redirect URIs

    https://spaces.nexudus.com/login/logout

    Base URIs

    https://spaces.nexudus.com

    Controlled access

    Allow everyone in your organization to access

    1. Click the Save button. 

    This Okta application will let users sign in to their Nexudus accounts as long as they are already a user in your Okta account.
    You may also want to connect Okta with an identity providers, such as Microsoft or Google, to delegate the authentication process to the supported providers. You do this by adding a identity provider to your Okta developer account. Okta provides instructions for the different Identity Providers they support:

    Once you have configured your identity provider, copy and save the identifier IdP ID Okta assigned to it.

    Okta_IdPIDHighlight

    You will need this ID along with your Client ID and Client Secret to enable the integration on the Admin Panel.

    Step 2. Enabling the Okta Integration in Nexudus

    The second step of the integration is to enable the Okta integration in your Nexudus account.

    Okta_EnablingIntegration

    1. Log in to dashboard.nexudus.com if you aren't already.

    2. Click Settings > Integrations > Okta.

    3. Enable the Okta integration toggle.

    4. Enable the Create new users in Nexudus if they don't exist toggle if you want to register directory users as contacts in Nexudus if they don't have an account yet.

    5. Enable the Prevent users from using their Nexudus password to log in toggle if you want your customers to only be able to use Okta to log in to their Nexudus account.

    This means the Nexudus login page will automatically redirect users to Okta or the connected identity provider.
    1. Add your Okta domain without https://.

    You can also use your Okta custom domain if you have one.

    1. Add your Identity Provider Id (IdP ID) if you use one.

    2. Add your Client ID.

    3. Add your Client Secret.

    4. Add text in the Sign in button label.

    The default text is Sign in with Corporate Account.

    1. Click the Save Changes button.

    Okta is now integrated with Nexudus.

    Your Nexudus login pages (Members Portal & Passport App) will present users with an additional login option labelled as Sign in with Corporate Account or the custom text you've added in the Sign in button label field in step 11.

    Clicking on the sign in link will redirect the user to the Okta sign in flow. If you added a custom Identity Provider (i.e. Microsoft AD), then the user will be asked to log in using that provider. If the login is successful, the user is redirected to the Members Portal.

    When the option Provision new users if they don't exist is enabled, if a user is successfully authenticated through Okta and they don't exist in your Nexudus customer database, we will automatically add them as contacts. We pull their their email and full name from the data returned by the identity provider and register them in all locations in your network.

    Okta if you're self-hosting your Members Portal

    If you are self-hosting your Members Portal, you need handle the Okta callback using your own domain and redirect it to the Nexudus endpoint to let it handle the final step of the Okta authentication flow.

    For example, when you receive a request to https://:your_custom_domain.com/authorization-code/callback you should forward it to https://:your_custom_domain.spaces.nexudus.com/authorization-code/callback.

    You can easily achieve this in NextJS using a redirect page located in /pages/authorization-code/callback.js

    class OktaCallbackPage extends Component {}

OktaCallbackPage.getInitialProps = ({ asPath, query, res }) => {
  const your_nexudus_domain = "example";
  if (res) {
    res.writeHead(302, {
       Location: `https://${your_nexudus_domain}.spaces.nexudus.com/authorization-code/callback?code=${query.code}&state=${query.state}&error_description=${query.error_description ?? ''}`
    });
    res.end();
  }

  return {};
};

export default OktaCallbackPage;
    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout