Ideagen Luminate logo Ideagen Luminate logo
Navigation
Need help?
Send feedback
Sign in
This page does not meet FedRAMP security standards. Please avoid entering sensitive or classified information. Learn more
Learn more
Learn more

Looking for help?

Common queries

View all

Send us feedback

Megaphone illustration

Before you start

This form is for Ideagen Luminate feedback only. Your submission will not receive a response.

Looking for support? Select the solution you need help with and open a ticket with us.
New article Recently updated

Setting up OKTA for OIDC-based Single Sign-On (SSO)

By SueAnn See
  • Last updated
⌘ K
Search this article
Print this article

Who is this article for?

Administrators responsible for managing organization security settings in Mazlan Home.

Admin Console access is required.

You can set up Okta as your corporate identity provider (IdP) in Mazlan Home using SAML or OIDC. To use an external identity provider like Okta, you will need to ensure the Mazlan Home user's authentication type is set to External.

This article outlines how to configure a new OIDC app in Okta and link it to Mazlan Home.

Creating an OIDC app

To create an OIDC app in Okta:

  1. Sign in to your Okta admin console.
  2. Navigate to Applications.
  3. Click Create App Integration.
  1. Select OIDC - OpenID Connect as the Sign-in method.
  2. Select Web Application.
  3. Click Next.
  1. In the General Settings step, enter an App name
  2. For Core grants, ensure Authorization Code is ticked.
  1. Complete the rest of the configuration steps.

Configuring the OIDC app

Mazlan Home

To configure your OIDC IDP in Mazlan Home:

  1. Sign in to Mazlan Home. 
  2. Navigate to the Admin Console.
  3. Go to the Security Center.
  4. Select Authentication.
  5. Select External IDP Configuration
  6. Click Add Identity Provider.
  7. Select OIDC.
  8. Click Next. 
  9. Take note of the Redirect URI displayed in the section at the top..
  10. Enter a Provider name.
    This name will appear as the sign-in button label at the sign-in page.
  11. Complete the remaining mandatory settings.
  12. Click Apply Configuration to save the IDP configuration in Mazlan Home.

Okta

To configure your OIDC IDP in Okta:

  1. Go to your Okta application.

  2. After selecting the grant type, enter the Redirect URI copied from Mazlan Home.

  3. Select the appropriate Assignment controlled access option.
    For example, you could allow everyone in your organization to access.

Note

If you skip group assignment, you will still need to complete the assignment later on.

  1. Click Save to save the app.

Setting the Client ID and secret

Okta

In Okta, after you have saved your app, you will be presented with the Client ID and Client Secret. Take note of these values as you will need to set this up in Mazlan Home.

 

Mazlan Home

To configure the client information:

  1. Go to the OIDC Configuration screen.
  2. Paste in the Client ID.
  3. Paste in the Client secret.

Defining the authorized scope

In Mazlan Home, you will need to configure the required authorized scope.

Mazlan Home only populates openid by default. You will need to populate the additional scope as required, separated with spaces.

Refer to this page ID token claims reference - Microsoft identity platform for information on the scope required for each claim.

For example, you will need to add:

  • profile scope to use the preferred_username claim
  • email scope to use the email claim
  • profile scope to use the name claim.

Setting the attribute request method

In Mazlan Home, select the GET request method for the attribute request method. This is the method recommended by Okta.

Getting the Issuer URL

Okta

You will need to obtain the Issuer URL from Okta to be set up in Mazlan Home.

To get the URL:

  1. Go to the Admin Console.
  2. Select Security.
  3. Click API
  4. Switch to the Authorization Servers tab.
  5. Take note of the Issuer URI value.

Mazlan Home

To configure the URL:

  1. Go to the OIDC Configuration screen.
  2. Select Auto fill through issuer URL.
  3. Enter the Issuer URI obtained from Okta.

Mapping attributes

Mazlan Home

Based on the authorized scopes, several ID token claims can be mapped as OpenID Connect attributes to Mazlan Home user pool attributes, such as preferred_username and email.

To map the attributes:

  1. Go to the OIDC Configuration screen.
  2. Scroll to the bottom section for the attributes mapping.
  3. Enter the claim name from Okta to be mapped to the Mazlan Home user pool attribute.
  1. Click Apply Configuration to save changes.

Assigning users

You must assign users to the OIDC app in Okta before they can authenticate with your identity provider, if this was not done during initial setup.

Okta

To assign users to an OIDC app:

  1. Go to the OIDC application.

  2. Switch to the Assignments tab.

  3. Click Assign.
    You can either Assign access to People or Groups depending on your organization's needs.

  4. Search for the username or group you want to assign.

  5. Click Save and Go Back after assigning every required user or group.

  6. Click Done to apply changes.

Further reading

What do you think about this article?

Your feedback helps us improve

More articles in this section

Looking for more help? Ask the Community

On this page