In This Article

Overview

The Okta Identity Cloud provides secure identity management with Single Sign-On, Multi-factor Authentication, Lifecycle Management (Provisioning), and more. This article shows you how to add Okta as an identity source in Clearlogin.

Overview of the Process

Add the Okta Identity Source to Clearlogin
Start the Okta Configuration
Configure the Okta Identity Source in Clearlogin
Finish the Okta Configuration

Clearlogin: Add the Okta Identity Source

These steps will add

Sign into the Clearlogin Admin Console: https://admin.clearlogin.com
In the left navigation bar, browse to: Identity Sources
Click on the New Identity Source button, and select Okta

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-01.PNG

Display Name: Okta
User Domain: yourdomain.com
Access Tag: Azure AD
Priority: 5 (default). Change this to a lower number if you wish to give Okta a higher priority.
Timeout: 10 seconds (default)
Click on Create Okta Identity Source

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-03.PNG

On the Summary page, note the SSO Login & SSO Logout, and Redirect URLs. You will need these for the Okta configuration.

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-04.PNG

Okta: Configuration Part 1

Open a new browser tab and navigate to your Otka administrator dashboard (https://yourtenantid-admin.okta.com).

From the Okta admin dashboard, browse to: Applications > Applications
Click on Add Application

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-06.PNG

Click on Create New App

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-07.PNG

In the New Application Integration window
- Platform: Web
- Sign on Method: OpenID Connect
Click on Create

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-09.PNG

Name the application: Clearlogin
Add the Clearlogin logo
Add the SSO Login URL from the summary page in Clearlogin to the Login Redirect URIs field
Add the SSO Logout URL from the summary page in Clearlogin to the Logout Redirect URIs field
Click Save

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-11.PNG

On the General tab, scroll down and take note of the Client ID and Client Secret. You will need these in the Clearlogin configuration.

Evolve IP Knowledge Base > Clearlogin - Okta > image2019-6-17_1-1-57.png

Clearlogin: Configure the Okta Identity Source

Switch back to Clearlogin
On the Okta summary page, click Edit
Scroll down and select Endpoints, and then enter the following:

Item	Value
Authorization Endpoint	https://youroktasubdomain.okta.com/oauth2/v1/authorize
Token Endpoint	https://youroktasubdomain.okta.com/oauth2/v1/token
Userinfo Endpoint	https://youroktasubdomain.okta.com/oauth2/v1/userinfo

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-12.PNG

Enter the Client ID and Client Secret from Okta (General tab)
Save the configuration by clicking on Update Okta Identity Source.

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-14.PNG

Okta: Configuration Part 2

Back in the Okta admin dashboard, on the General Settings (tab).

Click the Edit button in the header bar at the top of the page.

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-08.PNG

Allowed Grant Types
- Authorization Code: Checked
- Refresh Token: Unchecked
- Implicit (Hybrid): Checked
- Allow ID Token with implicit grant type: Checked
- Allow Access Token with implicit grant type: Unchecked

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-15.PNG

Login Initiated By: Either Okta or App
Application Visibility
- Display application icon to users: Checked
- Display application icon in the Okta Mobile app: Checked
Login Flow: Redirect to app to initiate login (OIDC Compliant)

Evolve IP Knowledge Base > Clearlogin - Okta > IS-Okta-16.PNG

Save the changes.

Evolve IP Knowledge Base > Clearlogin - Okta > image2019-6-17_1-13-25.png

Make sure to assign the Clearlogin app to the appropriate users/groups from the Assignments tab in order to grant access to those who need it.