[IdP] I am trying to integrate Okta with my OutSystems apps. I have a few doubts:

  
Forge Component
Published on 4 Jul by Telmo Martins
25 votes


  • In ‘Single sign on URL’ & ‘Audience URI’ (in the OKTA configuration page) we have provided the URL ‘http://YOUR_SERVER/IdP/SSO.aspx’, which is available in the IdP eSpace (the eSpace provided in the Forge). Is it the correct configuration?
  • Where can we specify the OutSystems application/eSpace name to which a specific Okta configuration should point? In the Forge, it is not mentioned where we can provide the name/URL of our application.
  • Do we need to configure all the tabs in the IdP configuration page (IdP server settings/SP Connector settings and Claims/SP Connector internal settings)?
  • Also, could you please let us know how the IdP authentication works with the user module authentication? We are specifying the configuration only in the ‘No Permission’ page.

Hi Jeffin,

  • A: Yes, it should be that URL; however, you should use https.
  • A: Sorry, I did not understand, can you clarify?
  • A: Yes, but not all the fields are mandatory.
  • A: The IdP connector will use the 'Username' claim as the username (if it is not found or its value is empty, the SAML NameID value will be used instead). So, we'll search for that username in the Users table. If found, the user is logged in. If the user was not found in the Users table, then you have a configuration on the last tab, 'Automatic User Provision': if set to True, a new user will be created in the Users table and will be logged in; if that flag is set to False, the user will not be able to log in.


Regards.
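The login decision described in the last answer above, sketched as an added example; this is not the IdP connector's own code. The names `UserStore`, `resolve_username` and `sso_login` are hypothetical, and trimming whitespace and denying login when no identifier is present at all are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class UserStore:
    """In-memory stand-in for the Users table (hypothetical)."""
    usernames: set = field(default_factory=set)


def resolve_username(claims: dict, name_id: str) -> str:
    """Prefer the 'Username' claim; fall back to the SAML NameID
    when the claim is missing or empty."""
    value = (claims.get("Username") or "").strip()  # trimming is an assumption
    if value:
        return value
    return (name_id or "").strip()


def sso_login(claims: dict, name_id: str, store: UserStore,
              automatic_user_provision: bool):
    """Return (outcome, username) for an already validated SAML assertion."""
    username = resolve_username(claims, name_id)
    if not username:
        # Assumption: with neither claim nor NameID there is nothing to look up.
        return ("denied", None)
    if username in store.usernames:
        return ("logged_in", username)
    if automatic_user_provision:
        # Any identity the IdP asserts gets a local account when this is True.
        store.usernames.add(username)
        return ("provisioned", username)
    return ("denied", username)


if __name__ == "__main__":
    # Constructed sample data, not taken from a real tenant.
    store = UserStore({"alice@example.test"})
    print(sso_login({"Username": "alice@example.test"}, "ignored", store, False))
    print(sso_login({"Username": ""}, "bob@example.test", store, False))
    print(sso_login({}, "bob@example.test", store, True))
```

With 'Automatic User Provision' set to True, the set of people who can log in is decided entirely by who is assigned to the application on the Okta side, so that assignment is worth reviewing before enabling the flag.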

Hi Telmo,


Thanks for the details.

1: If I am specifying only the SSO URL in OKTA, where should I specify my website URL to which OKTA should redirect?

2: We have multiple websites which are built in OutSystems. Each website uses its own eSpace and a different URL. I am trying to access only 2 websites using Okta. In this case, where should I mention the eSpace name or website name?

4. Do I need to change my login page also, similar to the 'No permission' page, to restrict the user from accessing the website without Okta?


Hi Jeffin,

1) You mean on the Okta admin console? It's explained on the Instructions page; the field on the OKTA console is 'Single sign on URL'.


2) If I understand right, you have two applications built on OutSystems which should use OKTA authentication. That's fine, both will perform login through the IdP connector and you can have more OutSystems applications that do not use OKTA.


3) On NoPermission, that's where you can control what should happen for each application: perform a standard login on OutSystems or perform a login through OKTA, basically redirect the user to a standard OutSystems login page or redirect him/her to the IdP component (the steps to achieve that are also on the Instructions page).

You should not use the same UserProvider/Tenant to perform login on OKTA and standard OutSystems login; otherwise the user will be logged in for all applications at once.


Regards.