Eptura Knowledge Center

Configure the Identity Provider (IdP): Okta

OnSite Deployment

This is an outline of the key steps and requirements for registering the OnSite app with Okta. We recommend you consult with your IT department for steps specific to your organization.

Step 1. Register the new Okta app integration


  1. Sign in to Okta Workforce Identity Cloud.
  2. Go to Applications.
  3. Click Create App Integration.
  4. Select OIDC - OpenID Connect, then Native Application.

  5. Click the Next button.

  6. Fill in an App integration name for your application.
  7. Select the Allow everyone in your organization to access option.
  8. Click the Save button.

Step 2. Complete the General settings



  1. Under the General Settings, click the Edit button.

  2. Under Grant type, select Refresh Token.
  3. Under Refresh Token, use the persistent token.

If this option is not selected, the user will be prompted to log in again when the token expires.

Step 3. Set up the Redirect/Callback URIs


  1. Under Sign-in redirect URIs, click the Add URI button.
  2. Fill in the value: com.archibus.onsite.auth:/callback

Make sure that the callback redirect URI is filled in as indicated.

If you are using the Web version of Postman, also add: https://oauth.pstmn.io/v1/browser-callback

  3. Under Sign-out redirect URIs, click the Add URI button.
  4. Fill in the value: com.archibus.onsite.auth:/logout

  5. Click the Save button to complete the configuration.

The default well-known configuration endpoint for Okta is:

https://{yourOktaDomain}/.well-known/openid-configuration

Step 4. Validate the application using Postman


  1. Open a browser and navigate to https://web.postman.co
  2. Go to Workspaces and select My Workspace.
  3. Create a new (blank) collection and name it appropriately.
  4. Select the Authorization tab.
  5. Complete the following:
    • Auth Type: change to OAuth 2.0
    • Grant type: change to Authorization Code (With PKCE)
    • Callback URL: any of the Redirect URIs, Okta app registration step 8/9
    • Auth URL: https://{yourOktaDomain}/oauth2/v1/authorize
    • Access Token URL: https://{yourOktaDomain}/oauth2/v1/token
    • Client ID: Client ID, Okta app registration step 5
    • Scope: openid
    • State: 1
    • Client Authentication: change Send as Basic Auth Header to Send client credentials in body.
  6. Click the Get New Access Token button.
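
The request that Postman builds in Step 4, written out as an added example (not Eptura's or Okta's own code): it derives the S256 PKCE challenge, builds the authorize URL against the redirect URIs registered in Step 3, and checks the state value on the callback. The function names are hypothetical, and the Okta domain and client ID passed in are placeholders you supply.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Redirect URIs registered in Step 3 of this page.
REGISTERED_REDIRECTS = {
    "com.archibus.onsite.auth:/callback",
    "https://oauth.pstmn.io/v1/browser-callback",
}

def pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for the S256 method (RFC 7636)."""
    verifier = verifier or secrets.token_urlsafe(64)  # 86 chars, inside the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def build_authorize_url(okta_domain, client_id, redirect_uri, challenge, state):
    """Build the request sent to the Auth URL from Step 4."""
    if redirect_uri not in REGISTERED_REDIRECTS:
        raise ValueError("redirect_uri is not registered on the Okta app")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"https://{okta_domain}/oauth2/v1/authorize?" + urlencode(params)

def token_request_body(client_id, redirect_uri, code, verifier):
    """Form body for the Access Token URL; client_id travels in the body (Step 4)."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,  # must hash to the challenge sent earlier
    }

def check_callback(callback_url, expected_state):
    """Return the authorization code only if state round-tripped unchanged."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    return qs["code"][0]
```

If Okta rejects the authorize request with a redirect_uri error, compare the value sent against the Sign-in redirect URIs character for character; the match is exact.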


Step 5. Set up Archibus Web Central to use the Okta app


Configure the following Archibus Web Central properties files to reflect the Okta identity provider (IdP) and the Apollo GraphQL server.

  • \archibus\WEB-INF\config\oidc.properties
  • \archibus\WEB-INF\config\context\applications\configservice.properties

Learn what to change in Configure Web Central to Use the Okta Identity Provider.