Okta
Use these instructions to set up Okta as your SSO provider for Tonic Textual.
Okta configuration
You complete the following configuration steps within Okta:
Create a new application. Choose the OIDC - OpenId Connect method with the Single-Page Application option.

Click Next, then fill out the fields with the values below:
App integration name: The name to use for the Textual application. For example, Textual, Textual-Prod, Textual-Dev.
Grant type: Implicit (hybrid)
Sign-in redirect URIs:
<base-url>/sso/callback/okta
Sign-out redirect URIs:
<base-url>/sso/logout
Base URIs: The URL to your Textual instance
Controlled access: Configure as needed to limit Textual access to the appropriate users

After saving the above, navigate to the General Settings page for the application and make the following changes:
Grant type: Check Implicit (Hybrid) and Allow ID Token with implicit grant type.
Login initiated by: Either Okta or App
Application visibility: Check Display application icon to users
Initiate login URI:
<base-url>


Make a note of the following values that must be provided to Textual:
Client ID of the application:
Your Okta domain (for example,
tonic.okta.com
)If you created a custom authorization server for Textual, the server ID:
IdP ID (If you use an outside identity provider):
Textual configuration
After you complete the configuration in Okta, uncomment and configure the relevant environment variables in Textual.
Kubernetes
For Kubernetes, the settings are in the Okta SSO Config
section of values.yaml:
# Okta SSO Config
# -----------------
#oktaAuthServerId: <customer auth server if you have one>
#oktaClientId: <client-id>
#oktaDomain: <sso-domain>
#oktaIdentityProviderId: <identity-provider-id>
oktaAuthServerId
- If you created a custom authorization server, the server ID. If you do not use a custom authorization server, then you can omit this.oktaClientId
- The client identifier of the application.oktaDomain
- The Okta domain.oktaIdentityProviderId
- If you use a third-party provider, the provider identifier. If you do not use a third-party provider, you can omit this.
Docker
For Docker, the settings are in .env:
#SOLAR_SSO_OKTA_CLIENT_ID=#<FILL IN>
#SOLAR_SSO_OKTA_DOMAIN=#<FILL IN>
#SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID=#<FILL IN>
SOLAR_SSO_OKTA_CLIENT_ID
- The client identifier of the application.SOLAR_SSO_OKTA_DOMAIN
- The Okta domain.SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID
- If you use a third-party provider, the provider identifier. If you do not use a third-party provider, then you can omit this.
Last updated
Was this helpful?