Okta
Okta can be used as an external login provider for Therefore™. The exact process and UI options are managed by Okta and can be subject to change from their side at any time.
Configuration in Okta
In the Okta portal, an API token and an application have to be created.
Check that the following settings are configured for the application:
The application type should be Native Application and the sign-in method should be set to OIDC - OpenID Connect.
-
The grant type is Authorization Code, and Implicit (hybrid) should be checked. The following option should be unchecked: Allow Access Token with implicit grant type
-
The Token Credentials are Signing credentials rotation and Automatic
Redirect URIs
For the configuration of the application in Okta, redirect URIs for Therefore™ applications are necessary. They can be found here:
Configuration in Therefore™
To configure Okta as an external login provider, select the option 'Okta' under 'External User Directories'.
Enter the following values into the respective fields in the dialog of the Therefore™ Solution Designer:
| Okta Label | Therefore™ Setting | Description |
|---|---|---|
| API Token | API Access Key | The value of the API token Therefore™ uses for authentication against Okta |
| Client ID | Therefore™ Client ID |
The ID of the Okta application used by Therefore™ for login |