Release notes Python SDK docs Textual Cloud Tonic.ai

Okta

Last updated 1 month ago

Was this helpful?

Okta

Use these instructions to set up Okta as your SSO provider for Tonic Textual.

Okta configuration

You complete the following configuration steps within Okta:

Create a new application. Choose the OIDC - OpenId Connect method with the Single-Page Application option.

Click Next, then fill out the fields with the values below:
- App integration name: The name to use for the Textual application. For example, Textual, Textual-Prod, Textual-Dev.
- Grant type: Implicit (hybrid)
- Sign-in redirect URIs: <base-url>/sso/callback/okta
- Sign-out redirect URIs: <base-url>/sso/logout
- Base URIs: The URL to your Textual instance
- Controlled access: Configure as needed to limit Textual access to the appropriate users

After saving the above, navigate to the General Settings page for the application and make the following changes:
- Grant type: Check Implicit (Hybrid) and Allow ID Token with implicit grant type.
- Login initiated by: Either Okta or App
- Application visibility: Check Display application icon to users
- Initiate login URI: <base-url>

Make a note of the following values that must be provided to Textual:
- Client ID of the application:
- Your Okta domain (for example, tonic.okta.com)
- If you created a custom authorization server for Textual, the server ID:
- IdP ID (If you use an outside identity provider):

Textual configuration

Kubernetes

For Kubernetes, the settings are in the Okta SSO Config section of values.yaml:

# Okta SSO Config
# -----------------
#oktaAuthServerId: <customer auth server if you have one>
#oktaClientId: <client-id>
#oktaDomain: <sso-domain>
#oktaIdentityProviderId: <identity-provider-id>

oktaAuthServerId - If you created a custom authorization server, the server ID. If you do not use a custom authorization server, then you can omit this.
oktaClientId - The client identifier of the application.
oktaDomain - The Okta domain.
oktaIdentityProviderId - If you use a third-party provider, the provider identifier. If you do not use a third-party provider, you can omit this.

Docker

For Docker, the settings are in .env:

#SOLAR_SSO_OKTA_CLIENT_ID=#<FILL IN>
#SOLAR_SSO_OKTA_DOMAIN=#<FILL IN>
#SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID=#<FILL IN>

SOLAR_SSO_OKTA_CLIENT_ID - The client identifier of the application.
SOLAR_SSO_OKTA_DOMAIN - The Okta domain.
SOLAR_SSO_OKTA_IDENTITY_PROVIDER_ID - If you use a third-party provider, the provider identifier. If you do not use a third-party provider, then you can omit this.