Set-up your Okta SSO integration by providing the necessary input. Always refer to the Okta manual.
For the full Okta integration, you'll need to set-up the configurations for both Single Sign-On (SSO) and System for Cross-domain Identity Management (SCIM) correctly.
Y42 supports login via OKTA using the following methods:
- IdP-initiated SSO (Single Sign-On): Users can start the login process from OKTA. Once the Y42 app is assigned to a user, clicking on the app will initiate the login.
- SP-initiated SSO (Single Sign-On): Users can start the login process directly from Y42.
In your Y42 account, go to Org settings, open the security tab, and click "setup sso settings." Copy the IdP ID field value.
Copy the Idp id field value
Provide a name for your integration, and then click "Enable SSO for this Org."
SCIM - System for Cross-domain Identity Management is a standard for automating the exchange of user identity information between identity domains, or IT systems. It allows Y42 to work seamlessly with the Okta user authentication and authorization.
To link your app with Y42, please follow these steps:
At the Y42 app you must have an organization to link with your Okta account and it must be linked with Okfta. For SCIM to work you need to authenticate the app via SSO login and for SSO login to work you need to enable SAML (see above).
Y42 is using OAuth2 for authorizing the requests from Okta. Please follow the following steps to enable it.
From the Okta Dashboard go to App Integration Catalog and search for Y42 in the search bar.
Open the respective result and click Add Integration.
Give the new application integration a suitable name such as e.g. Y42 SCIM.
Assign your company admin to Okta users to start the authorizing process. Click the Assign to People (or Assign to Groups) menu button and provide the email address of your company's admin user.
From within the Y42 app in Okta go to provisioning tab and click the Configure API Integration button.
Check the Enable API Integration checkbox and then click theAuthenticate with Y42 button.
You will be redirected to the Y42 login screen. Please choose Continue with SSO and enter the email of the admin user we have assigned earlier.
If the user you logged as has multiple integration with Okta you will get a list of applications to link with. Otherwise you will automatically get redirected to Okta.
If the process completed successfully, you will be redirected back to Okta. You will notice the green check mark along the message that Y42's API is authenticated.
In the Provisioning tab click the edit button and check the following check boxes:
- Create Users - Enable
- Update User Attributes - Enable
- Deactivate Users - Enable
To confirm these choices, click the Save button, please.
Go to the Assignment tab and start assigning user. The users you chose here will be added to the Y42 app.
Please refer to these notes to find and fix possible pitfalls in the Okta Set-up.