Process Overview for Setting Up Okta SSO with WISdom
To integrate your own identity provider with WISdom, you will need to configure settings in both WISdom and your identity provider, in this case Okta. This document guides you through the following steps:
- Create an OIDC Compliant Application in Okta
- Set up a new application in your Okta account specifically for supporting WISdom SSO.
- Generate WISdom SSO Credentials
- Create the necessary SSO credentials for the newly created application.
- Configure Trust Settings
- Adjust the Okta application settings to enable a trust with WISdom.
- Verify ID Token URL
- Ensure that the Okta OpenID Connect ID Token URL is static.
- Retrieve Configuration Values
- Collect various configuration-related values from the newly configured application in Okta.
- Enter Values in WISdom
- Input the retrieved values into the WISdom SSO configuration window.
- Test the Authentication Method
- Conduct tests to verify that the new authentication method is functioning correctly.
- Save Authentication Credentials
- Save the working authentication credentials and enable SSO for all WISdom accounts on the Team page.
Note: WISdom SSO currently supports the Client Credentials grant only; PKCE is not supported for verification.
Create a new Okta App Integration under Applications
- Log in to Okta Admin Console:
- Navigate to your Okta Admin Dashboard.
Create an OIDC Web Application
- Go to Applications:
- In the left-hand menu, select Applications > Applications.
- Add Application:
- Click the Create App Integration button.
- Select Sign-in Method:
  - OIDC - OpenID Connect is the method used by WISdom.
  - The other options offered here (SAML 2.0, SWA (Secure Web Authentication), and API Services) are not compatible with WISdom.
- Select Application Type:
  - Web Application
Configure General Settings
- Provide a name for the application:
  - We recommend WISdom or Fortified WISdom
- Do not require DPoP
- Define Grant Type:
  - Authorization Code should be selected by default
  - Select Client Credentials for "Client acting on behalf of itself"
- Set up Sign-in Redirect URLs:
  - Add 2 URLs for the redirect:
    - https://app.fortifiedwisdom.com/bff/v1/oauth/oidc-callback
    - https://app.fortifiedwisdom.com/login
- Define the Sign-out redirect URLs:
  - https://app.fortifiedwisdom.com/logout
- Assignments Configuration:
  - Assign a group that will be accessing WISdom, or leave Everyone as the default
  - Users without an account configured and assigned in WISdom will not have access, so Everyone works well
- Saving the Data
  - Saving the data will generate the Client ID and Client Secret
Collect the General Information of the New App
- Collect the Client ID
  - Store the value for input into the WISdom SSO Wizard
- Copy the Client Secret
  - Store the value for input into the WISdom SSO Wizard
You will enter these credentials in the WISdom SSO configuration screen.
Add WISdom domain as a Trusted Origin (CORS)
Under Security > API > Trusted Origins, click the Add Origin button.
Add a new entry to trust the https://app.fortifiedwisdom.com domain. Make sure to select both types: CORS and Redirect.
Read Configuration Settings from your Okta Application
Now that the application is set up, the simplest way to see all the configuration values you need is to open your account's discovery endpoint, which returns the values in JSON format. Make sure you use the right domain:
https://[YOUR OKTA ACCOUNT DOMAIN]/.well-known/openid-configuration
- Copy the following values:
  - "jwks_uri" gives the Public Key URL
  - "token_endpoint" gives the Token URL
    - This URL will be appended with URL\OAuth2\[ClientID]
  - "authorization_endpoint" gives the Authentication URL
  - "issuer" gives the Token Issuer
- Enter these values in your WISdom SSO configuration along with your Client Credentials
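The following is an added example (not part of this guide or of WISdom) showing how to read the four values above out of the discovery document and sanity-check them before pasting them into the WISdom SSO wizard. The discovery JSON embedded here is a constructed sample, and "example.okta.com" is a placeholder for your own Okta account domain; the checks are assumptions about what a careful administrator would verify: every URL is HTTPS, every URL is served from the Okta domain you expect (so the Token Issuer you save is the one that will sign your users' tokens, not a copy-paste from another tenant), and the client_credentials grant is listed since that is the grant WISdom uses.

```python
import json
from urllib.parse import urlparse

# Constructed sample of the JSON returned by
# https://[YOUR OKTA ACCOUNT DOMAIN]/.well-known/openid-configuration
# "example.okta.com" is a placeholder domain, not a real tenant.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
    "grant_types_supported": ["authorization_code", "client_credentials"],
})

# Discovery-document key -> field label used in the WISdom SSO wizard
FIELDS = {
    "jwks_uri": "Public Key URL",
    "token_endpoint": "Token URL",
    "authorization_endpoint": "Authentication URL",
    "issuer": "Token Issuer",
}


def extract_sso_values(discovery_json: str, expected_domain: str) -> dict:
    """Return the wizard values from a discovery document, or raise ValueError
    if any value is missing, not HTTPS, or not hosted on expected_domain."""
    doc = json.loads(discovery_json)

    missing = [key for key in FIELDS if key not in doc]
    if missing:
        raise ValueError(f"discovery document is missing keys: {missing}")

    for key in FIELDS:
        url = urlparse(doc[key])
        if url.scheme != "https":
            raise ValueError(f"{key} is not an https URL: {doc[key]}")
        if url.hostname != expected_domain:
            raise ValueError(
                f"{key} is hosted on {url.hostname!r}, expected {expected_domain!r}"
            )

    # WISdom uses the Client Credentials grant; warn early if the server
    # advertises a grant list that does not include it (assumed check).
    grants = doc.get("grant_types_supported")
    if grants is not None and "client_credentials" not in grants:
        raise ValueError("authorization server does not advertise client_credentials")

    return {label: doc[key] for key, label in FIELDS.items()}


if __name__ == "__main__":
    for label, value in extract_sso_values(SAMPLE_DISCOVERY, "example.okta.com").items():
        print(f"{label}: {value}")
```

Run it against a real discovery document by fetching the URL above (for example with curl) and passing the body and your Okta domain to extract_sso_values; a ValueError on the domain check means the endpoint you fetched does not belong to the account you intend to trust.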