The following section outlines the configuration of SAFEQ Cloud integrated with OKTA through their API interfaces.
Requirements:
- It is necessary to generate API token in the OKTA administration UI. This API token will be used by SAFEQ Cloud server for authentication operations.
1. Creating an OKTA Token for integration
In the OKTA administration console, navigate to API and Tokens
Click Create Token and enter a reference name for the token.
The API Token appears on the screen, and only once, so carefully copy this token for use later in SAFEQ Cloud.
2. Configure SAFEQ Cloud for OKTA authentication
Add a new OKTA authentication provider in the SAFEQ Cloud authentication settings, and enter the following details:
| Domains | the domain names of the server. It must match the domain part of the user name. For example, if the domain name of OKTA authentication provider is okta.domain.com, then the user added in Access Control should be user@okta.domain.com. |
| Priority | A number that determines the order in which authentication providers will be called until one succeeds. Higher-priority providers will be called first. |
| OKTA endpoint address | the address of the OKTA server prefixed with customer’s domain name. For example “customer-acme.okta.com” or “dev-xxx.oktapreview.com” |
| API token | the API token obtained from OKTA administrator |
| MFA timeout, seconds | the maximum time in seconds server will wait for multi-factor authentication to complete |
Now users and groups in OKTA are accessible for Access Control configuration.
When adding a new access control entry for an OKTA authentication provider, the users or the groups from Access Control must contain the same domain as the domain name defined for that OKTA authentication provider.
Post your comment on this topic.