Integrate Okta as an SSO Application Using OIDC Protocol

This tutorial provides instructions on integrating Okta for single sign-on over the OpenID Connect (OIDC) protocol.

Prerequisites

  1. You must have admin access to the Unifyia platform.
  2. You must have an active account with Okta with the necessary subscription.
  3. You must have users and groups in the Unifyia directory.
  4. Users must be assigned to groups that will have access to the Okta application within the Unifyia platform. A workflow needs to be created for these groups on the Unifyia platform.
  5. You need the Client ID and Client Secret for Okta, because you enter them when configuring the Unifyia platform as an IdP on the Okta application. These values are generated only after you add Okta as an SSO application on the Unifyia platform, so use sample values when you first configure the Okta application and replace them later (in Step 3).
  6. You will need the Unifyia platform endpoints. Follow the below steps to get the required endpoints:
    • Log in to the Unifyia platform using admin credentials.
    • On the dashboard, navigate to Configurations > General Settings.
    • Under the section Endpoints, click on the link OPENID Endpoint Configuration. The page with all the endpoint details is displayed.
    • Check the box Pretty-print to format the page.
    • Keep these details handy as you will need these values while adding the Unifyia platform as an IdP on the Okta application.

Step 1: Add the Unifyia Platform as an OIDC IdP on Okta

  1. Log in to Okta with an admin account.
  2. On the dashboard, navigate to Security > Identity Providers.
  3. Select Add identity provider.
  4. A list of identity providers is displayed.
  5. Select OpenID Connect IdP, then select Next.
  6. On the Configure OpenID Connect IdP page, define the following:
    • Name: Enter a name for the Identity Provider (Unifyia Platform) configuration, for example, Unifyia.
    • Scopes: Leave the defaults. These scopes are included when Okta makes an OpenID Connect request to the Identity Provider.
    • Client ID: The client ID for the Okta application is generated only once you configure Okta as an SSO application on the Unifyia platform. Enter a sample value for now, for example, OKTA_SSO_OIDC.
    • Authentication Type: Leave the default value, Client Secret.
    • Client Secret: Because the selected authentication type is Client Secret, you must enter a value. The real value is generated only once you configure Okta as an SSO application on the Unifyia platform. Enter a sample value for now, for example, 0oafijkvt0tLRYDnv1d7.
    • By now you should have the Unifyia platform endpoint details as explained in the prerequisites section. Enter the following details from the endpoints:
      • Issuer: Enter the value of “issuer”.
      • Authorization endpoint: Enter the value of “authorization_endpoint”.
      • Token endpoint: Enter the value of “token_endpoint”.
      • JWKS endpoint: Enter the value of “jwks_uri”.
      • Userinfo endpoint: Enter the value of “userinfo_endpoint”.
    • Under the Authentication Settings section, set the following option:
      • Account Link Policy: Select the value as Automatic. This ensures that Okta automatically links an incoming IdP user to the matched Okta user.
    • Select Finish. The details of the configured IdP are displayed.
      • Copy the IdP ID and Redirect URI, and then paste it into a text editor for later use.
    • You have partially completed adding the Unifyia platform as an IdP with Okta. You still need to replace the sample Client ID and Client Secret values with the real ones to complete the configuration; you will do this in Step 3.
    • The next step is to configure Okta as an SSO application on the Unifyia platform.

Step 2: Configure Okta as an SSO Application on the Unifyia Platform

Prerequisites
  • You will need the IdP ID and the Redirect URI from the previous step.
  • You will need to prepare a Login URL using the IdP ID and the Redirect URI.
    • Take the domain URL of the Okta application from the Redirect URI, append /sso/idps/, and then append the IdP ID to form the Login URL. For example, if the Okta domain URL is https://unifyiademo.oktapreview.com and the IdP ID is 0oa1k5d68qR2954hb0g4, the Login URL is https://unifyiademo.oktapreview.com/sso/idps/0oa1k5d68qR2954hb0g4
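The following script is an added example and is not code from Unifyia or Okta. It covers two preparation steps from this tutorial: it reads the Unifyia OpenID endpoint configuration (prerequisite 6) and maps it onto the five fields that Okta's Configure OpenID Connect IdP page asks for in Step 1, checking that every endpoint is HTTPS and belongs to the issuer's host before anything is pasted into Okta; and it builds the Login URL from Okta's Redirect URI and IdP ID as described just above. The discovery document, the host unifyia.example, and the Redirect URI path are constructed sample values; fetch_discovery() assumes the document is served at the standard /.well-known/openid-configuration path, which this page does not confirm.

```python
"""Added example (not Unifyia or Okta code): extract the Okta IdP form values
from the Unifyia OpenID discovery document and build the Okta Login URL.

Assumptions: SAMPLE_DISCOVERY is a constructed sample; unifyia.example is a
placeholder host; fetch_discovery() assumes the standard well-known path.
"""
import json
import urllib.request
from urllib.parse import urlsplit

# Okta "Configure OpenID Connect IdP" field -> key in the discovery document.
OKTA_IDP_FIELDS = {
    "Issuer": "issuer",
    "Authorization endpoint": "authorization_endpoint",
    "Token endpoint": "token_endpoint",
    "JWKS endpoint": "jwks_uri",
    "Userinfo endpoint": "userinfo_endpoint",
}

# Constructed sample of the OPENID Endpoint Configuration page (only the keys
# this example needs, plus one extra key to show that others are ignored).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://unifyia.example/oidc",
    "authorization_endpoint": "https://unifyia.example/oidc/authorize",
    "token_endpoint": "https://unifyia.example/oidc/token",
    "jwks_uri": "https://unifyia.example/oidc/certs",
    "userinfo_endpoint": "https://unifyia.example/oidc/userinfo",
    "end_session_endpoint": "https://unifyia.example/oidc/logout",
})


def fetch_discovery(issuer_base: str) -> str:
    """Fetch the live document (assumes the standard well-known path)."""
    url = issuer_base.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def okta_idp_values(discovery_json: str) -> dict:
    """Map the discovery document onto the Okta IdP form fields.

    Raises ValueError when a required key is absent, so a misspelled key
    (e.g. 'jkws_uri' instead of 'jwks_uri') is caught before configuring Okta.
    """
    doc = json.loads(discovery_json)
    missing = [key for key in OKTA_IDP_FIELDS.values() if key not in doc]
    if missing:
        raise ValueError("discovery document is missing: " + ", ".join(missing))
    return {field: doc[key] for field, key in OKTA_IDP_FIELDS.items()}


def check_endpoints(values: dict) -> list:
    """Return a list of problems; an empty list means the values look sane.

    Okta sends the client secret to, and receives tokens from, these URLs,
    so each must be HTTPS and should live on the issuer's host.
    """
    problems = []
    issuer_host = urlsplit(values["Issuer"]).netloc
    for field, url in values.items():
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{field} is not HTTPS: {url}")
        if parts.netloc != issuer_host:
            problems.append(f"{field} host {parts.netloc!r} differs from issuer host {issuer_host!r}")
    return problems


def login_url(redirect_uri: str, idp_id: str) -> str:
    """Login URL = Okta domain URL (from the Redirect URI) + /sso/idps/ + IdP ID."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"unexpected Redirect URI: {redirect_uri}")
    return f"https://{parts.netloc}/sso/idps/{idp_id}"


if __name__ == "__main__":
    values = okta_idp_values(SAMPLE_DISCOVERY)
    for field, url in values.items():
        print(f"{field:>22}: {url}")
    for problem in check_endpoints(values):
        print("WARNING:", problem)
    # Redirect URI and IdP ID as copied from Okta after Step 1 (sample values;
    # the callback path is an assumption, not taken from this page).
    print("Login URL:", login_url(
        "https://unifyiademo.oktapreview.com/oauth2/v1/authorize/callback",
        "0oa1k5d68qR2954hb0g4"))
```

Run it against the real document by replacing SAMPLE_DISCOVERY with the output of fetch_discovery() or with the JSON copied from the Pretty-print view; any WARNING line should be resolved before the values are entered in Okta.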

This section explains how to configure Okta as an SSO application on the Unifyia platform.

  1. Log in to the Unifyia platform as an administrator.
  2. Navigate to Integrations > SSO Applications. The SSO Applications page appears.
  3. Select + Add Application and, from the drop-down menu, select OpenID Connect. The page to configure the SSO application appears. Adding an SSO application involves two steps:
    • General Information: Provide the application details and a logo, which is used as the application icon shown to users.
    • SSO Configuration (OIDC v1.0): Configure the parameters used to access the SSO application.
  4. Under General Information, enter the following:
    • App Name (required): Provide a name for the SSO application, for example, Okta.
    • Description: Enter a brief description of the SSO application that you are adding.
    • Add a logo for the app: Either drag and drop a file or simply click the box to upload a logo for Okta. This logo will be displayed under the Applications panel on the User’s dashboard once the user logs in to the Unifyia platform.
    • Select Next. You will be redirected to the next tab, SSO Configuration (OIDC v1.0), where you'll configure the necessary OIDC parameters.
  5. Under the SSO Configuration (OIDC v1.0) tab, set the below parameters for accessing the SSO application:
    • Redirect URIs: Enter the Redirect URI that you copied into a text editor after adding the Unifyia platform as an IdP on the Okta application.
    • Login URLs: Enter the Login URL created in the Prerequisites section.
    • Post Logout URL: Set the value to +. When the Logout URL is set to +, it means that the application should dynamically determine the appropriate URL from a list of valid redirect URIs.
    • Web Origins: Set the value to +.
    • In the Application Capability Configuration, select the following parameters:
      • Client Authentication: Select this option. Enabling it requires the client to authenticate using its client credentials.
      • For the authentication flow, select the following:
        • Direct access grants (Resource Owner Password Credentials): Used by REST clients to obtain tokens on behalf of users. The client sends the user's credentials together with the client ID and client secret in an HTTP POST request and receives identity, access, and refresh tokens in the HTTP response.
        • Standard flow (Authorization Code): It is a browser-based protocol that uses browser redirects to obtain identity and access tokens.
  6. Select Add.
  7. The SSO application is successfully added. You will notice that three tabs are enabled: User Groups, Client Credentials, and Mappers.
  8. If you enabled Client Authentication and also selected the Service account roles (Client Credentials) option for the authentication flow, the Service Account Roles tab is also enabled.
  9. Under User Groups, a list of groups with existing workflows is displayed. Select the groups that should be granted access to the SSO application; you can choose multiple groups. Select Update User Groups when done. You may also skip this step and choose the groups later. Then select the Client Credentials tab. It shows the Client ID and Client Secret that you must enter in the Okta application; note these values in a text editor.
  10. Configuring mappers is not necessary for SSO with Okta.
  11. Under the Service Account Roles tab, select the roles that can access the service account of the client.
  12. This completes the configuration of Okta as an SSO application on the Unifyia platform.
  13. Now, you need to update the Client ID and Client Secret on the Okta application.
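The two authentication flows selected under Application Capability Configuration in step 5 differ in what is sent to whom. The script below is an added example, not Unifyia or Okta code, that builds each message of both flows so the difference is visible: the Standard flow redirects the browser to the authorization endpoint, receives a code at the Redirect URI, and exchanges it on the back channel with the client authenticated by its credentials; the Direct access grant sends the user's own username and password in the token request. The endpoint URLs, the Redirect URI path, and the callback values are constructed placeholders (the Client ID and Client Secret are the sample values from Step 1); client authentication is shown as HTTP Basic (client_secret_basic), one of the standard OIDC client authentication methods, which this page does not specify.

```python
"""Added example (not Unifyia or Okta code): the messages of the Standard
flow (Authorization Code) and the Direct access grant (Resource Owner
Password Credentials) enabled in Step 2.

Assumptions: endpoint URLs and REDIRECT_URI are placeholders; CLIENT_ID and
CLIENT_SECRET are the sample values from Step 1; client_secret_basic is used.
"""
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZATION_ENDPOINT = "https://unifyia.example/oidc/authorize"  # placeholder
TOKEN_ENDPOINT = "https://unifyia.example/oidc/token"              # placeholder
CLIENT_ID = "OKTA_SSO_OIDC"                                         # sample value
CLIENT_SECRET = "0oafijkvt0tLRYDnv1d7"                              # sample value
REDIRECT_URI = "https://unifyiademo.oktapreview.com/oauth2/v1/authorize/callback"  # assumed


def new_state() -> str:
    """Unguessable value bound to the browser session and checked on return."""
    return secrets.token_urlsafe(32)


def authorization_request(state: str, scope: str = "openid profile email") -> str:
    """Standard flow, message 1: the URL the user's browser is redirected to."""
    query = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(query)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Standard flow, message 2: the IdP redirects back with code and state.

    The state must equal the value issued for this session; otherwise the
    code may belong to a different login and must not be exchanged.
    """
    params = parse_qs(urlsplit(callback_url).query)
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discarding authorization code")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    return params["code"][0]


def _client_auth_headers() -> dict:
    """Client Authentication: the client proves its identity with its credentials."""
    raw = f"{CLIENT_ID}:{CLIENT_SECRET}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode(),
            "Content-Type": "application/x-www-form-urlencoded"}


def code_token_request(code: str) -> dict:
    """Standard flow, message 3: back-channel POST exchanging the code for tokens.

    The user's password never appears here; only the one-time code does.
    """
    body = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI}
    return {"url": TOKEN_ENDPOINT, "headers": _client_auth_headers(), "body": body}


def ropc_token_request(username: str, password: str) -> dict:
    """Direct access grant: a REST client POSTs the user's own credentials.

    The user's password is handled by the client and sent in the request body,
    which is why this flow is only worth enabling for clients that need it.
    """
    body = {"grant_type": "password", "username": username,
            "password": password, "scope": "openid"}
    return {"url": TOKEN_ENDPOINT, "headers": _client_auth_headers(), "body": body}


if __name__ == "__main__":
    state = new_state()
    print("1. redirect browser to:", authorization_request(state))
    # Constructed callback, as the IdP would send it to Okta's Redirect URI.
    callback = f"{REDIRECT_URI}?code=constructed-code-123&state={state}"
    code = parse_callback(callback, state)
    print("2. token request body:", code_token_request(code)["body"])
    print("3. ROPC request body:", ropc_token_request("alice", "example-password")["body"])
```

When reviewing the Unifyia client logs after a test login from Okta, the Standard flow shows as a request to the authorization endpoint followed by a grant_type=authorization_code token request; a grant_type=password request should appear only from the REST clients for which the Direct access grant was enabled.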

Step 3: Update the Client ID and Client Secret Values on Okta

  1. Log in to Okta with an admin account.
  2. On the dashboard, navigate to Security > Identity Providers.
  3. A list of configured identity providers is displayed.
  4. Against the Unifyia IdP that you have configured, select the Actions dropdown and select Configure Identity Provider. The configuration details are displayed.
  5. Select Edit under General Settings.
  6. Update the Client ID and Client Secret values. Select Update Identity Provider to save the details.

You have completed the configuration of Okta as an SSO application. The next step is to test whether the configuration works.

Step 4: Test Configuration

Prerequisites
  • You must be a user of the groups that have access to the configured Okta SSO application.
  • You must have valid credentials to access the Unifyia platform.

Follow the below steps to log in to the Okta application using the Unifyia platform credentials:

  1. Log in to the Unifyia platform as a user.
  2. You will notice that the newly added application is listed on the dashboard under the Applications panel.
  3. Select the application. You will be logged into the Okta application.