Usage Scenario
Single sign on with Okta and authorize users based on Okta group membership information
How to Set Up
Single Sign On with Okta
- Make sure your OneDev instance can be accessed publicly, and configure the public server URL in Administration / System Setting
- Log in to Okta to manage the applications
- Add OneDev as a web application to get the client ID and secret
- Switch to api / authorization servers to get the default issuer URL
- On the OneDev side, switch to page Administration / Authentication Source / Single Sign On, and add a provider of type OpenID with the information from the previous steps
- Now sign out, and a button Login with Okta will appear at the bottom of the login page. Anyone in your Okta organization assigned to the OneDev application will be able to log in via this button
Authorize Users Based On Okta Group Membership Information
- On the OneDev side, edit the Okta single sign on provider, and specify groups claim as groups
- On the Okta side, switch to page api / authorization servers, and select the default authorization server to add the groups scope
- Continue to add the groups claim, to be included in the ID token and the groups scope, like below
- On the OneDev side, switch to page Administration / Group Management, add the necessary Okta groups (same name) and assign appropriate permissions
- Now users signed in via Okta will be added to the corresponding groups on the OneDev side to get appropriate permissions
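To check the group mapping described above before relying on it for permissions, the following added example (not part of OneDev or Okta) decodes an ID token payload, reads the groups claim, and shows which names match groups defined in OneDev. The sample token, the group names and the exact, case-sensitive name comparison are assumptions made for illustration.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(id_token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature.
    For inspection only: never base an access decision on this output."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    return json.loads(b64url_decode(parts[1]))

def groups_from_claims(claims: dict, claim_name: str = "groups") -> list:
    """Normalize the groups claim to a list of names; [] when it is absent."""
    value = claims.get(claim_name)
    if value is None:
        return []  # claim or scope not configured: no group is assigned
    if isinstance(value, str):
        return [value]
    if isinstance(value, list) and all(isinstance(g, str) for g in value):
        return value
    raise ValueError(f"unexpected type for claim {claim_name!r}")

def match_groups(token_groups: list, onedev_groups: set) -> tuple:
    """Split token groups into (matched, unmatched).
    Assumption: names are compared exactly and case-sensitively."""
    matched = sorted(g for g in token_groups if g in onedev_groups)
    unmatched = sorted(g for g in token_groups if g not in onedev_groups)
    return matched, unmatched

def make_sample_token(payload: dict) -> str:
    # Constructed sample, not a real Okta token; the signature is a dummy string.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(payload)}.constructed-signature"

if __name__ == "__main__":
    token = make_sample_token({"sub": "constructed-user", "groups": ["Everyone", "onedev-admins"]})
    onedev_groups = {"onedev-admins", "onedev-developers"}  # hypothetical OneDev groups
    matched, unmatched = match_groups(groups_from_claims(decode_claims(token)), onedev_groups)
    print("matched:", matched)
    print("unmatched:", unmatched)
```

An empty result from groups_from_claims means the token carries no groups claim, so the groups scope and claim settings on the Okta side are the first thing to re-check.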
Access OneDev from Okta Side
To access OneDev from the Okta side, edit the application to enable implicit grant type, tick the option display application icons to users, and configure initiate login URL as below:
All users added to the application will then be able to access OneDev directly from their Okta dashboards: