Okta Configuration
With Okta, all users invited to SafeStack can sign in using their company’s Okta identity. This document describes how to set up your Okta tenant to authenticate your users on SafeStack.
Users will need to be invited to your SafeStack organisation before they can sign in using Okta. SCIM support to auto manage your organizations users through your identity system is not yet supported.
Set-up guide
- Log in to your
Okta admin account
and navigate toApplications
- Click
Create App Integration
to create a new application - Select
OIDC - OpenID Connect
for theSign-in method
, which will reveal options forApplication Type
- chooseWeb Application
Provide the following information in the New Web App Integration wizard:
App integration name okta-oidc-safestack (or a name that follows your organization's conventions and is clearly for SafeStack) Grant type Authorization Code Sign-in redirect URIs https://learn-safestack-io.au.auth0.com/login/callback
https://auth.learn.safestack.io/login/callbackSign-out redirect URIs https://learn.safestack.io/ Controlled access (Select either Allow everyone or specify the selected groups that will be using SafeStack) Login initiated by Either Okta or App Initiate login URI https://learn.safestack.io Application visibility Display application icon to users - Click
Save
and you will be redirected to the General settings page of your new application - Make a note of your organization’s Okta subdomain, and app’s Client ID and Client Secret
- To show the app on your users Okta dashboards, click the
Edit
button, scroll down to theLOGIN
section, then changeLogin initiated by
to “Either Okta or App”, then select both options (if desired) forApplication Visibility
, then clickSave
to finish
What will I need to send to SafeStack?
Using OneTimeSecret (or temporary sharing using your password manager) send your organization’s Okta subdomain
, and the application’s Client ID
and Client Secret
to our SafeStack team to set up your connection. It is important to send these details in a secure manner - please do not send these to us in plain text in an email.
What happens after I send the credentials?
After we receive your credentials, we’ll finish the process on our end and contact you. Then, we’ll have a member of your organization test the connection before implementing Okta SSO in your entire organization.