Integrate an existing Identity Provider (IdP) with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources.
Prerequisites
- You need to have Admin with Billing permissions to configure an IdP.
- You need to have a valid Okta account with admin permissions.
- All JumpCloud users must have unique company email addresses, and the email of the JumpCloud user and external IdP email used for Federation must match.
Considerations
- Federated authentication will be applied to only specific user groups. See Routing Policies for Identity Providers to learn more.
- Creating the IdP won't automatically result in users logging in with that IdP.
- User Portal access will be available with a federated login. If you don't want User Portal access, you can create a policy to deny this; see Get Started: Conditional Access Policies.
- If Password Sync is disabled on the Okta SCIM provisioning connector, Okta will still send JumpCloud a random value for the password. This will cause the user's password status to show as "Active".
Preparing your IdP to Configure with JumpCloud
To prepare your connection:
- Log in to your Okta account.
- In the left navigation menu, click Applications > Applications.
- Click Create App Integration, then in the next modal, for Sign-in method, select OIDC - OpenID Connect.
- For Application type, select Web Application > Next.
- On the next page, for App integration name, enter a name associated with JumpCloud.
- For Grant type > leave the default selection.
- Under Sign-in redirect URIs, there is a link populated by default that needs to be replaced with this link:
https://login.jumpcloud.com/oauth/callback
- For Sign-out redirect URIs, click the "X" next to the link to clear it.
- Under Assignments, select Allow everyone in your organization to access, unless you only want this applicable to certain groups, in which case select Limit access to selected groups and then enter the groups you want and click Save.
- If you Allow everyone in your org to access, another option will appear under Enable immediate access (Recommended). Select Enable immediate access with Federation Broker Mode to require users to authenticate through JumpCloud.
- Click Save.
- On the next page, you can manage your app.
Now you have a connection to JumpCloud in Okta. Next, you'll want to configure the connection in JumpCloud.
Configuring Okta as an IdP in JumpCloud
To configure Okta:
- Log in to your .
- Click DIRECTORY INTEGRATIONS > Identity Providers.
- Click the Add Identity Provider dropdown menu, and select Okta.
- Enter an Identity Provider Name* as a display name (e.g., Okta IdP).
- Next, you'll need to copy/paste the following information from your Okta account into the required fields in JumpCloud:
  - Okta IdP URL*
    - From your Okta account, click your email in the top right corner. Under your name and Okta email address, there is a URL with .okta.com at the end. This is your Okta IdP URL.
    - Note: ".well-known/openid-configuration" will be appended to the end of your Okta tenant URL, allowing JumpCloud to obtain all the relevant OIDC endpoints from the hosted file.
  - Client ID*
    - Click Application > General. Your Client ID is listed under Client Credentials.
  - Client Secret*
    - Under CLIENT SECRETS, you can copy your current Client Secret or Generate new secret.
- Click Save. You'll be prompted to verify that you want to enable Federated Device Authentication for your users' login. Select I understand the impacts above, then click Yes, Continue.
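The note about ".well-known/openid-configuration" can be checked before you paste the Okta IdP URL into the form. The following is an added example, not JumpCloud or Okta code: it builds the discovery URL from the tenant URL and sanity-checks the returned document. The tenant name example.okta.com, the sample document, and the same-host rule are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(idp_url):
    """Append the well-known path to the tenant URL, as the note above describes."""
    return idp_url.rstrip("/") + "/.well-known/openid-configuration"

def fetch_discovery(idp_url):
    """Fetch the live document (needs network access; not used by the sample run)."""
    with urlopen(discovery_url(idp_url), timeout=10) as resp:
        return json.load(resp)

def check_discovery(idp_url, doc):
    """Return a list of problems; an empty list means nothing was flagged."""
    base = idp_url.rstrip("/")
    host = urlsplit(base).hostname
    problems = []
    if urlsplit(base).scheme != "https":
        problems.append("IdP URL is not https")
    # OIDC Discovery requires the issuer to match the URL the document was fetched from.
    if doc.get("issuer") != base:
        problems.append("issuer mismatch: %r" % doc.get("issuer"))
    for key in ENDPOINTS:
        parts = urlsplit(doc.get(key) or "")
        if not parts.netloc:
            problems.append("missing " + key)
        elif parts.scheme != "https":
            problems.append(key + " is not https")
        elif parts.hostname != host:
            # Assumption of this example: endpoints sit on the tenant host.
            problems.append(key + " is on another host: " + parts.hostname)
    return problems

# Constructed sample document for a hypothetical tenant (not real output).
SAMPLE = {
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
}

if __name__ == "__main__":
    print(check_discovery("https://example.okta.com", SAMPLE))
    tampered = dict(SAMPLE, token_endpoint="http://example.okta.com/oauth2/v1/token")
    print(check_discovery("https://example.okta.com", tampered))
```

To check a real tenant, pass the result of fetch_discovery(idp_url) to check_discovery in place of the sample document.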
Managing the IdP
To manage the IdP:
- From your , click DIRECTORY INTEGRATIONS > Identity Providers.
- You can update the name, Okta IdP URL, Client ID, and Client Secret.
- Under Authentication, you'll see that Federation is applied to your users, allowing them to authenticate with an IdP.
- Under Device Account Provisioning, you can configure either Self Service Account Provisioning or Automated Device Enrollment for whichever OS you're provisioning. The Status displays either Enabled or Disabled accordingly. Click Configure to edit.
See Provision New Users on Device Login and Automated Device Enrollment to learn more.
Deleting the IdP
To delete the IdP:
- From your , click DIRECTORY INTEGRATIONS > Identity Providers.
- At the bottom of the IdP Configuration page, under Delete Identity Provider, click Delete IdP.
- You'll be prompted to confirm your deletion, then click Yes, Delete.
Additional Resources:
Walk through a guided simulation for