Okta
Set up your Okta SSO integration by providing the necessary input. Always refer to the Okta manual.
For the full Okta integration, you'll need to correctly configure both Single Sign-On (SSO) and System for Cross-domain Identity Management (SCIM).
Supported features
Y42 supports login via Okta using the following methods:
- IdP-initiated SSO (Single Sign-On): Users can start the login process from Okta. Once the Y42 app is assigned to a user, clicking on the app will initiate the login.
- SP-initiated SSO (Single Sign-On): Users can start the login process directly from Y42.
IdP-initiated SSO
SP-initiated SSO
Go to Y42 login page
SP-initiated SSO: Go to Y42 login page
Enter your email
SP-initiated SSO: Enter your email
Select the identity provider you want to log in with
SP-initiated SSO: Select the Identity provider you want to login with
Set up SSO
Go to your Okta account and search for the Y42 application in the catalog.
Set-Up Okta in Y42: Search for Y42 application in the Catalog.
Select the Y42 application.
Set-Up Okta in Y42: Select the Y42 application.
Add Y42 application to your Okta account.
Set-Up Okta in Y42: Add Y42 application to your Okta account.
Add a name to your Y42 Okta application.
Set-Up Okta in Y42: Add a name to your Y42 Okta application.
On the application details page, click the Sign On tab.
Set-Up Okta in Y42: Start editing Y42 application.
In your Y42 account, go to Org settings, open the security tab, and click "setup sso settings." Copy the IdP ID field value.
Set-Up Okta in Y42: Set up SSO setting on your Y42 account.
In your Okta account, start editing the Y42 application.
Set-Up Okta in Y42: Edit Y42 application on your Okta account.
Paste the IdP ID value into the IDP ID field in your Okta Y42 app.
Set-Up Okta in Y42: Add IDP ID value to Y42 Okta application.
Copy the Metadata URL link from the Okta application.
Set-Up Okta in Y42: Get IDP ID from Y42.
Paste the Metadata URL into the Metadata URL field
Provide a name for your integration, and then click "Enable SSO for this Org."
Set-Up Okta in Y42: Finalize SSO set up.
Set up SCIM
SCIM (System for Cross-domain Identity Management) is a standard for automating the exchange of user identity information between identity domains or IT systems. It allows Y42 to work seamlessly with Okta user authentication and authorization.
To link your app with Y42, please follow these steps:
Verify prerequisites
In the Y42 app, you must have an organization to link with your Okta account, and it must be linked with Okta. For SCIM to work, you need to authenticate the app via SSO login, and for SSO login to work, you need to enable SAML (see above).
Y42 uses OAuth2 to authorize requests from Okta. Follow the steps below to enable it.
Add Y42 application to Okta
From the Okta Dashboard, go to the App Integration Catalog and search for Y42 in the search bar.
Okta SCIM: Add Y42 application to Okta 1/3
Open the respective result and click Add Integration.
Okta SCIM: Add Y42 application to Okta 2/3
Give the new application integration a suitable name, such as Y42 SCIM.
Okta SCIM: Add Y42 application to Okta 3/3
Assign Admin user
Assign your company admin to Okta users to start the authorization process. Click the Assign to People (or Assign to Groups) menu button and provide the email address of your company's admin user.
Okta SCIM Authentication: assign admin user
Enable API integration
From within the Y42 app in Okta, go to the Provisioning tab and click the Configure API Integration button.
Okta SCIM Authentication: Provisioning
Check the Enable API Integration checkbox and then click the Authenticate with Y42 button.
Okta SCIM Authentication: Authentication
You will be redirected to the Y42 login screen. Choose Continue with SSO and enter the email of the admin user assigned earlier.
Okta SCIM Authentication: SSO login
If the user you logged in as has multiple integrations with Okta, you will get a list of applications to link with. Otherwise, you will be redirected to Okta automatically.
Okta SCIM Authentication: If prompted, pick the SCIM application you created earlier
If the process completed successfully, you will be redirected back to Okta. You will see a green check mark along with the message that Y42's API is authenticated.
Okta SCIM Authentication: Success authentication
Set up provisioning settings
In the Provisioning tab, click the Edit button and check the following checkboxes:
- Create Users - Enable
- Update User Attributes - Enable
- Deactivate Users - Enable
To confirm these choices, click the Save button.
Okta SCIM Authentication: App permission
Assign users
Go to the Assignment tab and start assigning users. The users you choose here will be added to the Y42 app.
Okta SCIM Authentication: Assign users
Troubleshooting Okta setup
Refer to these notes to find and fix possible pitfalls in the Okta setup.
Synchronize users
When a Company administrator adds a new user through the Okta app to their Okta-linked organization in Y42, the system checks if the user already exists. If the user already has a Y42 account, they will receive an email, inviting them to join the organization. Otherwise, if the user is new to Y42, they will be automatically added to the organization.
Synchronize groups
You cannot synchronize a group from Okta if it already exists in Y42. For example, if you have already created a group named "Group A" in Y42 and then try to sync a group with the same name from Okta, you will encounter an error indicating that a group with the same name already exists.
Update User Email
To update the email of a user already synced from Okta to the Y42 app, you have to change the userName field attribute, not the primary email.
Deactivate Users
Deactivating a user in Okta removes the user from the organization's members, but the user's Y42 account is not deactivated.
Okta Settings: Synchronizing users
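The pitfalls listed in this troubleshooting section can be checked against exports before and after a sync. The following is an added example, not Y42 or Okta code: it assumes the SCIM userName is taken from the Okta login (`profile.login`), that deactivated Okta users carry the status `DEPROVISIONED`, and that the Y42 group and member lists are hypothetical exports; all records are constructed sample data.

```python
# Added example: pre-sync and post-sync checks for the pitfalls described above.
# All data is constructed. Y42-side lists are hypothetical exports (assumption).

OKTA_USERS = [  # shaped like Okta user objects: status, profile.login, profile.email
    {"status": "ACTIVE", "profile": {"login": "ana@example.com", "email": "ana@example.com"}},
    {"status": "ACTIVE", "profile": {"login": "bob.old@example.com", "email": "bob@example.com"}},
    {"status": "DEPROVISIONED", "profile": {"login": "eve@example.com", "email": "eve@example.com"}},
    {"status": "DEPROVISIONED", "profile": {"login": "dan@example.com", "email": "dan@example.com"}},
]
OKTA_GROUPS = ["Group A", "Analysts"]                  # groups you plan to sync
Y42_GROUPS = ["Group A", "Admins"]                     # groups already present in Y42
Y42_MEMBERS = ["ana@example.com", "eve@example.com"]   # current organization members


def preflight(users, okta_groups, y42_groups, y42_members):
    """Return findings keyed by the pitfall they correspond to."""
    members = {m.lower() for m in y42_members}
    report = {
        "username_differs_from_email": [],   # email change must go through userName
        "group_name_collisions": [],         # sync fails: group already exists in Y42
        "deactivated_still_member": [],      # deprovisioning did not propagate
        "deactivated_account_remains": [],   # Y42 account stays active: review manually
    }
    for user in users:
        login = user["profile"]["login"].lower()
        email = user["profile"]["email"].lower()
        if user["status"] == "DEPROVISIONED":
            # Deactivation removes org membership only; the account itself persists.
            report["deactivated_account_remains"].append(login)
            if login in members:
                report["deactivated_still_member"].append(login)
        elif login != email:
            # Assumed: userName is the synced identity, so only changing the
            # primary email in Okta would leave Y42 on the old address.
            report["username_differs_from_email"].append((login, email))
    # Exact-name match, as in the "Group A" case described above.
    report["group_name_collisions"] = sorted(set(okta_groups) & set(y42_groups))
    return report


if __name__ == "__main__":
    for finding, items in preflight(OKTA_USERS, OKTA_GROUPS, Y42_GROUPS, Y42_MEMBERS).items():
        print(f"{finding}: {items}")
```

Entries under `deactivated_account_remains` are the ones to follow up on in Y42 directly, since Okta deactivation alone leaves those accounts in place.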