Overview
The Okta Identity Cloud provides secure identity management with Single Sign-On, Multi-factor Authentication, Lifecycle Management (Provisioning), and more. This article shows you how to add Okta as an identity source in Clearlogin.
Overview of the Process
- Add the Okta Identity Source to Clearlogin
- Start the Okta Configuration
- Configure the Okta Identity Source in Clearlogin
- Finish the Okta Configuration
Clearlogin: Add the Okta Identity Source
These steps will add
- Sign into the Clearlogin Admin Console: https://admin.clearlogin.com
- In the left navigation bar, browse to: Identity Sources
- Click on the New Identity Source button, and select Okta
- Display Name: Okta
- User Domain: yourdomain.com
- Access Tag: Azure AD
- Priority: 5 (default). Change this to a lower number if you wish to give Okta a higher priority.
- Timeout: 10 seconds (default)
- Click on Create Okta Identity Source
- On the Summary page, note the SSO Login, SSO Logout, and Redirect URLs. You will need these for the Okta configuration.
Okta: Configuration Part 1
Open a new browser tab and navigate to your Okta administrator dashboard (https://yourtenantid-admin.okta.com).
- From the Okta admin dashboard, browse to: Applications > Applications
- Click on Add Application
- In the New Application Integration window
- Platform: Web
- Sign on Method: OpenID Connect
- Click on Create
- Name the application: Clearlogin
- Add the Clearlogin logo
- Add the SSO Login URL from the summary page in Clearlogin to the Login Redirect URIs field
- Add the SSO Logout URL from the summary page in Clearlogin to the Logout Redirect URIs field
- Click Save
- On the General tab, scroll down and take note of the Client ID and Client Secret. You will need these in the Clearlogin configuration.
- Switch back to Clearlogin
- On the Okta summary page, click Edit
- Scroll down and select Endpoints, and then enter the following:
| Item | Value |
| --- | --- |
| Authorization Endpoint | https://youroktasubdomain.okta.com/oauth2/v1/authorize |
| Token Endpoint | https://youroktasubdomain.okta.com/oauth2/v1/token |
| Userinfo Endpoint | https://youroktasubdomain.okta.com/oauth2/v1/userinfo |
- Enter the Client ID and Client Secret from Okta (General tab)
- Save the configuration by clicking on Update Okta Identity Source.
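A check you can run on the three endpoint values before saving them, as an added example that is not part of the original article or of Clearlogin's or Okta's tooling. It flags the mistakes this step invites: pasting the `-admin` dashboard host, plain http, altered paths, or endpoints on different hosts. The function name, dictionary keys and the `.okta.com` suffix check are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Paths of the three endpoints listed in the table above.
EXPECTED_PATHS = {
    "authorization_endpoint": "/oauth2/v1/authorize",
    "token_endpoint": "/oauth2/v1/token",
    "userinfo_endpoint": "/oauth2/v1/userinfo",
}


def check_okta_endpoints(endpoints, allowed_suffix=".okta.com"):
    """Return a list of problems found in the endpoint URLs (empty list = OK)."""
    problems = []
    hosts = set()
    for name, expected_path in EXPECTED_PATHS.items():
        value = endpoints.get(name, "").strip()
        if not value:
            problems.append(f"{name}: missing")
            continue
        url = urlsplit(value)
        host = (url.hostname or "").lower()
        hosts.add(host)
        if url.scheme != "https":
            problems.append(f"{name}: must use https")
        if not host.endswith(allowed_suffix):
            problems.append(f"{name}: host {host!r} is not under {allowed_suffix}")
        # The -admin host is the administrator dashboard; the table's
        # endpoints use the plain Okta subdomain.
        if host.split(".")[0].endswith("-admin"):
            problems.append(f"{name}: uses the -admin dashboard host")
        if url.path != expected_path:
            problems.append(f"{name}: path should be {expected_path}")
        if url.query or url.fragment or url.username or url.password:
            problems.append(f"{name}: unexpected query, fragment or credentials")
    if len(hosts) > 1:
        problems.append("endpoints point at different hosts: " + ", ".join(sorted(hosts)))
    return problems


# Constructed sample values built from the page's placeholder names.
GOOD = {k: "https://youroktasubdomain.okta.com" + p for k, p in EXPECTED_PATHS.items()}
BAD = dict(GOOD,
           authorization_endpoint="https://yourtenantid-admin.okta.com/oauth2/v1/authorize",
           token_endpoint="http://youroktasubdomain.okta.com/oauth2/v1/token/")

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_okta_endpoints(cfg) or "OK")
```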
Okta: Configuration Part 2
Back in the Okta admin dashboard, go to the General Settings tab.
- Click the Edit button in the header bar at the top of the page.
- Allowed Grant Types
- Authorization Code: Checked
- Refresh Token: Unchecked
- Implicit (Hybrid): Checked
- Allow ID Token with implicit grant type: Checked
- Allow Access Token with implicit grant type: Unchecked
- Login Initiated By: Either Okta or App
- Application Visibility
- Display application icon to users: Checked
- Display application icon in the Okta Mobile app: Checked
- Login Flow: Redirect to app to initiate login (OIDC Compliant)
- Make sure to assign the Clearlogin app to the appropriate users/groups from the Assignments tab in order to grant access to those who need it.