Okta SSO Integration
Introduction
This guide offers a comprehensive walkthrough for configuring Biopass as an OpenID Connect (OIDC) Identity Provider within Okta. By doing so, you will enable Passwordless authentication for Okta applications, also known as Relying Parties. The Passwordless authentication experience allows users to securely access these applications without needing to remember or enter passwords. By following this guide, you'll learn how to integrate Biopass with Okta and enhance the user experience for your Okta applications.
Prerequisites
To follow this guide, you should have:
- An active Okta account with administrator access (Sign up for a free trial at https://www.okta.com/free-trial/ if you don't have one)
- An active Biopass account with administrator access
- An application (Relying Party), such as a web application, mobile app, or API, that utilizes Okta for authentication through OIDC.
Create an OIDC Application in Biopass
1. Sign in to the Biopass Admin Dashboard
- Navigate to the Biopass Admin Dashboard and sign in using your Biopass administrator account.
- From the Dashboard, click on the "Applications" tab.
2. Create a new OIDC Application
- Click the "Add New Application" button.
- Choose "Regular Web Application".
- Fill in the "Application Name" field with a name for your application.
- Choose a "Policy".
- At this stage, the "Allowed Callback URL" for Okta is unknown; therefore, select a temporary URL. Once the Okta configuration is complete, this field will be updated with the appropriate value.
- Click "Create" to proceed.
3. Add a Group to your Application
- Click the "Group" tab.
- Click the "Add Group" button.
- Choose a "Group".
Create an Identity Provider in Okta
1. Sign in to the Okta Developer Console
- Navigate to the Okta Developer Console and sign in using your Okta administrator account.
- Expand the "Security" tab from the Dashboard, and click the "Identity Providers" tab.
2. Add a new Identity Provider
- Click the "Add Identity Provider" button.
- Choose the "OpenID Connect" type.
- Click "Next" to proceed.
3. Configure General Settings
- Fill in the "Name" field with a name for your identity provider, e.g. "Biopass".
- Choose "SSO only" as the "IdP Usage".
- Choose "openid", "email", and "profile" as "Scopes".
4. Obtain Biopass OIDC Application Credentials
- From the "Applications" tab in the Biopass Admin Dashboard, click on the name of the OIDC application you created.
- Copy the "Client ID", "Client Secret", and "Issuer" values from the "Settings" tab.
5. Configure Client Details
- Fill in the "Client ID" and "Client Secret" fields with credentials from the previous step.
- Choose "Client secret" in the "Authentication type" field.
6. Configure Endpoints
- Fill in the "Issuer" field with the value obtained from the OIDC Application in Biopass.
- Fill in the "Authorization endpoint" with "<Your_Issuer>/authorize" value.
- Fill in the "Token endpoint" with "<Your_Issuer>/token" value.
- Fill in the "JWKS endpoint" with "<Your_Issuer>/.well-known/jwks.json" value.
- Click "Finish" to proceed.
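The three endpoint values in step 6 are all derived from the issuer, and a stray trailing slash or a copy-paste error here is the most common reason the Okta IdP fails later with an "invalid issuer" or signature error. The following is an added example (not Biopass or Okta code) that derives the values from an issuer string and compares them with the issuer's OIDC discovery document. It assumes Biopass publishes a standard discovery document at "<Your_Issuer>/.well-known/openid-configuration"; the issuer URL and both discovery documents below are constructed sample data.

```python
"""Derive the Okta endpoint values from an issuer and check them against the
issuer's discovery document before pasting them into the Okta IdP form.

Added example, not Biopass or Okta code. SAMPLE_ISSUER and the two discovery
documents are constructed sample data.
"""
import json
from urllib.parse import urlparse


def expected_endpoints(issuer: str) -> dict:
    """Build the issuer, authorization, token and JWKS values the guide asks for.

    A trailing slash on the issuer is stripped so no value ends up containing
    '//authorize'. Okta compares the issuer string exactly, so the 'issuer'
    value returned here is what belongs in the Issuer field.
    """
    parsed = urlparse(issuer)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"issuer must be an absolute https URL: {issuer!r}")
    if parsed.query or parsed.fragment:
        raise ValueError("issuer must not carry a query string or fragment")
    base = issuer.rstrip("/")
    return {
        "issuer": base,
        "authorization_endpoint": f"{base}/authorize",
        "token_endpoint": f"{base}/token",
        "jwks_uri": f"{base}/.well-known/jwks.json",
    }


def check_discovery(issuer: str, discovery_json: str) -> list:
    """Compare a discovery document (assumed to be served at
    <issuer>/.well-known/openid-configuration) with the derived values.
    Returns a list of mismatch descriptions; empty means everything agrees."""
    expected = expected_endpoints(issuer)
    doc = json.loads(discovery_json)
    problems = []
    for key, want in expected.items():
        got = doc.get(key)
        if got is None:
            problems.append(f"{key}: missing from discovery document")
        elif got != want:
            problems.append(f"{key}: document says {got!r}, expected {want!r}")
    # Okta is configured to request these scopes, so the IdP must offer them.
    for scope in ("openid", "email", "profile"):
        if scope not in doc.get("scopes_supported", []):
            problems.append(f"scope {scope!r} not in scopes_supported")
    # Okta is configured with "Client secret" authentication; the IdP must
    # accept a client-secret method at the token endpoint (the spec default
    # when the field is absent is client_secret_basic).
    methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if not {"client_secret_basic", "client_secret_post"} & set(methods):
        problems.append("token endpoint does not advertise a client_secret method")
    return problems


# Constructed sample: an issuer copied with a trailing slash, and a discovery
# document whose token endpoint disagrees with the "<Your_Issuer>/token" rule.
SAMPLE_ISSUER = "https://idp.example.com/"
SAMPLE_DISCOVERY_BAD = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/oauth/token",
    "jwks_uri": "https://idp.example.com/.well-known/jwks.json",
    "scopes_supported": ["openid", "email", "profile"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
})
# Constructed sample that agrees with the guide on every value.
SAMPLE_DISCOVERY_OK = json.dumps({
    **expected_endpoints(SAMPLE_ISSUER),
    "scopes_supported": ["openid", "email", "profile"],
    "token_endpoint_auth_methods_supported": ["client_secret_post"],
})

if __name__ == "__main__":
    for key, value in expected_endpoints(SAMPLE_ISSUER).items():
        print(f"{key}: {value}")
    for problem in check_discovery(SAMPLE_ISSUER, SAMPLE_DISCOVERY_BAD):
        print("MISMATCH:", problem)
```

Run it with the real issuer from the Biopass "Settings" tab and the JSON fetched from its discovery URL; any line printed as MISMATCH should be resolved before clicking "Finish", since Okta will validate the issuer claim and the token signature against exactly these values.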
Configure Allowed Callback URL in Biopass
1. Obtain Redirect URI from Okta
- Go back to the list of "Identity Providers" in Okta.
- Click the Identity Provider you created to expand the details.
- Copy the "Redirect URI".
2. Configure Biopass
- From the "Applications" tab in the Biopass Admin Dashboard, click on the name of the OIDC application you created.
- Click the Edit button (pen icon) in the "Allowed Callback URLs" section.
- Click the "Add Callback URL" button.
- Paste the "Redirect URI" copied from Okta.
- Click "Save" to proceed.
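The "Allowed Callback URLs" list is an exact-match allowlist: the redirect URI copied from Okta must appear verbatim, and no prefix or wildcard form is safe, because the callback is where the authorization code is delivered. The following is an added example (not Biopass or Okta code) showing the comparison a relying party should apply, and the near-miss variants that must be rejected. The Okta-style callback URL below is a constructed sample, not a real tenant.

```python
"""Exact-match check of a redirect URI against an allowed-callback list.

Added example, not Biopass or Okta code. ALLOWED_CALLBACKS holds a
constructed sample URL in the shape of an Okta redirect URI.
"""
from urllib.parse import urlparse


def normalize_redirect_uri(uri: str) -> str:
    """Canonicalize only the parts that are case-insensitive by definition
    (scheme and host). Path, query and fragment are kept byte-for-byte, so
    'https://x/cb' and 'https://x/cb/' remain different URIs."""
    p = urlparse(uri)
    if not p.scheme or not p.netloc:
        raise ValueError(f"not an absolute URL: {uri!r}")
    if p.fragment:
        raise ValueError("redirect URIs must not contain a fragment")
    return p._replace(scheme=p.scheme.lower(), netloc=p.netloc.lower()).geturl()


def is_allowed_redirect(uri: str, allowed: list) -> bool:
    """True only when uri equals one allowed entry after normalization.
    No prefix, substring or wildcard matching: the Okta "Redirect URI"
    pasted into Biopass has to match character for character."""
    try:
        target = normalize_redirect_uri(uri)
    except ValueError:
        return False
    return any(normalize_redirect_uri(entry) == target for entry in allowed)


# Constructed sample allowlist: one Okta-style callback, and the temporary
# placeholder from the Biopass application creation step, which should be
# removed once the real Okta redirect URI has been added.
ALLOWED_CALLBACKS = [
    "https://example.okta.test/oauth2/v1/authorize/callback",
]

# Constructed near-miss variants that an exact-match check must reject.
REJECTED_VARIANTS = [
    "https://example.okta.test/oauth2/v1/authorize/callback/",        # trailing slash
    "https://example.okta.test/oauth2/v1/authorize/callback?next=x",  # extra query
    "http://example.okta.test/oauth2/v1/authorize/callback",          # downgraded scheme
    "https://example.okta.test.attacker.example/oauth2/v1/authorize/callback",  # host suffix
    "https://example.okta.test/oauth2/v1/authorize/callback#frag",    # fragment
]

if __name__ == "__main__":
    print(is_allowed_redirect("https://EXAMPLE.okta.test/oauth2/v1/authorize/callback",
                              ALLOWED_CALLBACKS))
    for variant in REJECTED_VARIANTS:
        print(variant, "->", is_allowed_redirect(variant, ALLOWED_CALLBACKS))
```

Only host and scheme case are folded; everything after the host is compared literally, which is why the trailing-slash and query variants fail. After saving in Biopass, the temporary callback chosen during application creation should be removed from the list so that only the Okta redirect URI remains.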
Test the OIDC Integration
Proceed to log in to your application using Okta as you normally would. You should now be redirected to Biopass for Passwordless Authentication! Voila! 😃