Configuring Okta with SAML
Integrating Okta with SolarArchive lets you manage user authentication and authorization through Okta. This tutorial walks you through creating an Okta Developer account, setting up an application, configuring OAuth, and finally connecting it with Solar Archive.
Visit the Okta Developer signup page at https://developer.okta.com/signup/.
Fill in the required details as shown in the signup form.
Click "Sign Up" to create your developer account.
Verify your account by clicking on the link sent to your email.
After logging in, navigate to the "Applications" section from the left-hand side menu.
Click on "Add Application" and then select "Create New App".
Choose "Web" as the platform and select "OpenID Connect" as the sign-on method. Click "Create".
Enter your Application Name and Redirect URIs where you want Okta to send the authentication response. Click "Save".
Note down the "Client ID" and "Client Secret" presented to you; these will be used later when creating a connection in SolarArchive.
Ensure you select both "Authorization Code" and "Refresh Token" grant types to enable OAuth login.
Navigate to the "API" section under the "Security" option in the left-hand side menu to find your "Issuer URI".
Note down the following endpoints using your "Issuer URI":
{Issuer URI}/v1/authorize
{Issuer URI}/v1/token
{Issuer URI}/v1/userinfo
Assign users to your created application by navigating to "Assignments" under the application settings, clicking "Assign", and selecting users or groups as needed.
Go to the "API" section under "Security" and select the "Claims" tab.
Click on the "Edit" icon and navigate to the "Claims" section.
Fill in the details to create a new claim for the user's secondary email address. The key you enter in the "Name" field will be the one used in Solar Archive to refer to this secondary email address.
In Solar Archive, navigate to "SSO-OAuth" under "Adv. Configuration".
Enter the connection details for your Okta application, including the "Client ID", "Client Secret", and the endpoints configured in Step 3.
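The endpoint derivation and the custom claim lookup described above, as an added Python example (not code from Okta or Solar Archive). It goes slightly beyond the page by also building the Authorization Code request and checking the callback; the issuer, client ID, redirect URI, scope set, `state` handling and the claim name `secondary_email` are assumptions.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder, not a real tenant.
ISSUER = "https://dev-000000.okta.com/oauth2/default/"

def okta_endpoints(issuer_uri):
    """Derive the three endpoints listed above from the Issuer URI."""
    parts = urlsplit(issuer_uri)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Issuer URI must be an absolute https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("Issuer URI must not carry a query or fragment")
    base = issuer_uri.rstrip("/")  # avoid "//v1/..." from a trailing slash
    return {n: f"{base}/v1/{n}" for n in ("authorize", "token", "userinfo")}

def build_authorize_url(issuer_uri, client_id, redirect_uri, state):
    """Authorization Code request; redirect_uri must equal one saved in Okta."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        # offline_access asks for the refresh token (assumed scope set)
        "scope": "openid email offline_access",
        "state": state,  # random per login, e.g. secrets.token_urlsafe(16)
    })
    return okta_endpoints(issuer_uri)["authorize"] + "?" + query

def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if state round-tripped intact."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch; discard this response")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def secondary_email(userinfo, claim_name):
    """Read the custom claim by the key typed into the claim's Name field."""
    value = userinfo.get(claim_name)
    if not isinstance(value, str) or "@" not in value:
        raise KeyError(f"claim {claim_name!r} missing or not an email")
    return value
```

The "Client Secret" is deliberately absent here: it is sent only in the server-side call to the token endpoint and never appears in the browser-facing authorize URL.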