Link Search Menu Expand Document

Okta Configuration

With Okta, all users invited to SafeStack can sign in using their company’s Okta identity. This document describes how to set up your Okta tenant to authenticate your users on SafeStack.

Users will need to be invited to your SafeStack organisation before they can sign in using Okta. SCIM support to auto manage your organizations users through your identity system is not yet supported.

Set-up guide

You will need to set up an Okta App Integration and send us some details that we need, to set up SSO with SafeStack. The steps below explain the process.

Step 1

  1. Log in to your Okta admin account and navigate to Applications
  2. Click Create App Integration to create a new application
  3. Select OIDC - OpenID Connect for the Sign-in method, which will reveal options for Application Type - choose Web Application

  4. Provide the following information in the New Web App Integration wizard:

    App integration nameokta-oidc-safestack (or a name that follows your organization's conventions and is clearly for SafeStack)
    Grant typeAuthorization Code
    Sign-in redirect URIshttps://learn-safestack-io.au.auth0.com/login/callback
    https://auth.learn.safestack.io/login/callback
    Sign-out redirect URIshttps://learn.safestack.io/
    Controlled access(Select either Allow everyone or specify the selected groups that will be using SafeStack)
    Login initiated byEither Okta or App
    Initiate login URIhttps://learn.safestack.io
    Application visibilityDisplay application icon to users
  5. Click Save and you will be redirected to the General settings page of your new application
  6. Make a note of your organization’s Okta subdomain, and app’s Client ID and Client Secret
  7. To show the app on your users Okta dashboards, click the Edit button, scroll down to the LOGIN section, then change Login initiated by to “Either Okta or App”, then select both options (if desired) for Application Visibility, then click Save to finish

Step 2

Get in touch with us with the following information that you would have noted down from previous steps:

  • Okta subdomain
  • Application Client ID
  • Application Client Secret

Because this information is sensitive, we recommend that you use your organization’s preferred way of sharing secrets with third parties or vendors. This could include using a service like OneTimeSecret or the secret sharing functionality offered by your password manager.

Please share this information with sso@safestack.io and we’ll handle the rest!

What happens after I send the credentials?

After we receive your credentials, we’ll finish the process on our end and contact you. Then, we’ll have a member of your organization test the connection before implementing Okta SSO in your entire organization.