Okta

Use these instructions to set up Okta as your SSO provider for Tonic Textual.

Okta configuration

You complete the following configuration steps within Okta:

  1. Create a new application. Choose the OIDC - OpenID Connect method with the Single-Page Application option.

  2. Click Next, then fill out the fields with the values below:

    • App integration name: The name to use for the Textual application. For example, Textual, Textual-Prod, Textual-Dev.

    • Grant type: Implicit (hybrid)

    • Sign-in redirect URIs: <base-url>/sso/callback/okta

    • Sign-out redirect URIs: <base-url>/sso/logout

    • Base URIs: The URL to your Textual instance

    • Controlled access: Configure as needed to limit Textual access to the appropriate users

  3. After saving the above, navigate to the General Settings page for the application and make the following changes:

    • Grant type: Check Implicit (Hybrid) and Allow ID Token with implicit grant type.

    • Login initiated by: Either Okta or App

    • Application visibility: Check Display application icon to users

    • Initiate login URI: <base-url>

  4. Make a note of the following values that must be provided to Textual:

    • Client ID of the application

    • Your Okta domain (for example, tonic.okta.com)

    • If you created a custom authorization server for Textual, the server ID

    • If you use an outside identity provider, the IdP ID

Textual configuration

After you complete the configuration in Okta, uncomment and configure the relevant environment variables in Textual.

Kubernetes

For Kubernetes, the settings are in the Okta SSO Config section of values.yaml:

# Okta SSO Config
# -----------------
#oktaAuthServerId: <customer auth server if you have one>
#oktaClientId: <client-id>
#oktaDomain: <sso-domain>
#oktaIdentityProviderId: <identity-provider-id>

  • oktaAuthServerId - If you created a custom authorization server, the server ID. If you do not use a custom authorization server, then you can omit this.

  • oktaClientId - The client identifier of the application.

  • oktaDomain - The Okta domain.

  • oktaIdentityProviderId - If you use a third-party provider, the provider identifier. If you do not use a third-party provider, you can omit this.

Docker

For Docker, the settings are in .env:

#SOLAR_SSO_OKTA_CLIENT_ID=#<FILL IN>
#SOLAR_SSO_OKTA_DOMAIN=#<FILL IN>
#SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID=#<FILL IN>

  • SOLAR_SSO_OKTA_CLIENT_ID - The client identifier of the application.

  • SOLAR_SSO_OKTA_DOMAIN - The Okta domain.

  • SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID - If you use a third-party provider, the provider identifier. If you do not use a third-party provider, then you can omit this.
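
The following pre-deployment check is an added example, not part of Tonic's documentation or code. It parses the Docker .env variables listed above, flags values that are still placeholders or malformed, and prints the redirect URIs that must be registered in Okta for a given base URL. The sample values, the textual.example.com base URL, and the https and "-admin" host checks are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample .env content; the values are placeholders, not real identifiers.
SAMPLE_ENV = """\
SOLAR_SSO_OKTA_CLIENT_ID=0oaEXAMPLEclientid
SOLAR_SSO_OKTA_DOMAIN=https://example-admin.okta.com/
#SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID=#<FILL IN>
"""
REQUIRED = ("SOLAR_SSO_OKTA_CLIENT_ID", "SOLAR_SSO_OKTA_DOMAIN")
OPTIONAL = ("SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID",)

def parse_env(text):
    """Return the active (uncommented) KEY=VALUE pairs from .env text."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip().strip("\"'")
    return pairs

def is_placeholder(value):
    """True for empty values and for the '#<FILL IN>' default left in place."""
    return not value or value.startswith("#") or "FILL IN" in value

def check_okta_settings(env, base_url):
    """Return (problems, redirect_uris) for the Okta variables and the Textual base URL."""
    problems = [f"{k} is unset or still a placeholder" for k in REQUIRED if is_placeholder(env.get(k, ""))]
    problems += [f"{k} is uncommented but empty; comment it out or set it"
                 for k in OPTIONAL if k in env and is_placeholder(env[k])]
    domain = env.get("SOLAR_SSO_OKTA_DOMAIN", "")
    if domain and not is_placeholder(domain):
        if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", domain):
            problems.append("SOLAR_SSO_OKTA_DOMAIN must be a bare host name such as tonic.okta.com")
        if "-admin." in domain:
            problems.append("SOLAR_SSO_OKTA_DOMAIN looks like the Okta admin console host, not the org domain")
    url = urlsplit(base_url)
    if url.scheme != "https" or not url.netloc:
        # Hardening choice made by this example: implicit-grant tokens come back in the redirect URL.
        problems.append("base URL should be an absolute https:// URL")
    base = base_url.rstrip("/")  # avoids '//sso/...', which would not match the registered URI
    redirects = {"sign_in": f"{base}/sso/callback/okta", "sign_out": f"{base}/sso/logout"}
    return problems, redirects

if __name__ == "__main__":
    problems, redirects = check_okta_settings(parse_env(SAMPLE_ENV), "https://textual.example.com/")
    print("\n".join(problems) or "no problems found")
    print(redirects)
```
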
