Link Search Menu Expand Document

Okta Configuration

With Okta, all users invited to SafeStack can sign in using their company’s Okta identity. This document describes how to set up your Okta tenant to authenticate your users on SafeStack.

Users will need to be invited to your SafeStack organisation before they can sign in using Okta. SCIM support to auto manage your organizations users through your identity system is not yet supported.

Set-up guide

  1. Log in to your Okta admin account and navigate to Applications
  2. Click Create App Integration to create a new application
  3. Select OIDC - OpenID Connect for the Sign-in method, which will reveal options for Application Type - choose Web Application

  4. Provide the following information in the New Web App Integration wizard:

    App integration nameokta-oidc-safestack (or a name that follows your organization's conventions and is clearly for SafeStack)
    Grant typeAuthorization Code
    Sign-in redirect URIshttps://learn-safestack-io.au.auth0.com/login/callback
    https://auth.learn.safestack.io/login/callback
    Sign-out redirect URIshttps://learn.safestack.io/
    Controlled access(Select either Allow everyone or specify the selected groups that will be using SafeStack)
    Login initiated byEither Okta or App
    Initiate login URIhttps://learn.safestack.io
    Application visibilityDisplay application icon to users
  5. Click Save and you will be redirected to the General settings page of your new application
  6. Make a note of your organization’s Okta subdomain, and app’s Client ID and Client Secret
  7. To show the app on your users Okta dashboards, click the Edit button, scroll down to the LOGIN section, then change Login initiated by to “Either Okta or App”, then select both options (if desired) for Application Visibility, then click Save to finish

What will I need to send to SafeStack?

Using OneTimeSecret (or temporary sharing using your password manager) send your organization’s Okta subdomain, and the application’s Client ID and Client Secret to our SafeStack team to set up your connection. It is important to send these details in a secure manner - please do not send these to us in plain text in an email.

What happens after I send the credentials?

After we receive your credentials, we’ll finish the process on our end and contact you. Then, we’ll have a member of your organization test the connection before implementing Okta SSO in your entire organization.