Okta
Last updated
Was this helpful?
Last updated
Was this helpful?
Use these instructions to set up Okta as your SSO provider for Tonic Structural.
You complete the following configuration steps within Okta:
Create a new application. Choose the OIDC - OpenId Connect method with the Single-Page Application option.
Click Next, then fill out the fields with the values below:
App integration name: The name to use for the Textual application. For example, Textual, Textual-Prod, Textual-Dev.
Grant type: Implicit (hybrid)
Sign-in redirect URIs: <base-url>/sso/callback/okta
Sign-out redirect URIs: <base-url>/sso/logout
Base URIs: The URL to your Textual instance
Controlled access: Configure as needed to limit Textual access to the appropriate users
After saving the above, navigate to the General Settings page for the application and make the following changes:
Grant type: Check Implicit (Hybrid) and Allow ID Token with implicit grant type.
Login initiated by: Either Okta or App
Application visibility: Check Display application icon to users
Initiate login URI: <base-url>
Make a note of the following values that must be provided to Structural:
Client ID of the application:
Your Okta domain (for example, tonic.okta.com
)
If you created a custom authorization server for Textual, the server ID:
IdP ID (If you use an outside identity provider):
After you complete the configuration in Okta, uncomment and configure the relevant environment variables in Textual.
For Kubernetes, the settings are in the Okta SSO Config
section of values.yaml:
oktaAuthServerId
- If you created a custom authorization server, the server ID.
If you do not use a custom authorization server, then you can omit this.
oktaClientId
- The client identifier of the application.
oktaDomain
- The Okta domain.
oktaIdentityProviderId
- If you use a third-party provider, the provider identifier.
If you do not use a third-party provider, you can omit this.
For Docker, the settings are in .env:
SOLAR_SSO_OKTA_CLIENT_ID
- The client identifier of the application.
SOLAR_SSO_OKTA_DOMAIN
- The Okta domain.
SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID
- If you use a third-party provider, the provider identifier.
If you do not use a third-party provider, then you can omit this.