Okta SSO Setup
Information on adding Okta SSO as an identity provider to allow for single sign-on access to the InsCipher Connect portal.
If your organization already has an Okta account, we can integrate it with the Connect portal for a faster and more secure login experience for your users.
Setup Requirements
In order to connect your Okta account with the InsCipher Connect® portal for a streamlined SSO login experience, you will need to follow the step below. As there is a cost to support this integration, we ask clients interested in implementing this functionality to contribute to the cost. Please contact your InsCipher implementation specialist should you have questions.
Method and Type
We utilize an OAuth 2.0 authentication method and a Web Application type for this integration.
Getting Started
To get started, an Okta admin must sign in to the Okta Admin Console.
In the main panel, click Create a new app integration and follow the setup process, selecting OIDC - OpenID Connect method and Web Application type. You will need to associate applicable users to this new application.
Callback or Sign-in Redirect URI:
After creating a new app, please add this sign-in redirect URI:
https://surpluslines.inscipher.com/sso/connect/check/okta
Required Parameters
The following information will need to be securely sent to the InsCipher implementation team in order to connect your OKTA SSO account:
- Client ID
- Client Secret
- Issuer URL
Where to get this information?
Go to your Okta settings and copy the required parameters:
Note
The Issuer URL needs to add oauth2 e.g. https://dev-74470422.okta.com/oauth2
Once Activated
After the OKTA SSO integration is enabled, your users will no longer be able to log in using their legacy usernames/passwords. If users try to edit their passwords, they will see a message like this:
Therefore, should you wish to implement this with your organization, it will be important that users are aware of this change.
Once enabled, the process is pretty straightforward. On the main login screen, https://surpluslines.inscipher.com, would just click the "OKTA" button, add their company email, then they would be directed (the first time) to add their Okta password. After that, our system would drop a cookie so that future logins will only require them to add their email.
Ongoing Maintenance
Should any of the credentials provided to InsCipher be changed, these would need to be updated in the portal. This can be done by either contacting support or by going to the User settings and clicking on the "AUTHENTICATION PROVIDERS SETUP" button on the top right of the page:
Updated 12 days ago