Okta is an identity and access management company. You can use the Okta software to manage and secure user authentication in applications like Omniscope. You can find out more about Okta by visiting their webpage.
Okta provides a lot of different security features and deployment solutions. This document is not intended to be an in-depth discussion of all these features. Instead, we will guide you through the process of setting up Okta and configuring Omniscope to use Okta to manage user authentication using OpenID Connect. Before deploying any access management tool on your production server, you should ensure you are familiar with the technologies involved and have studied the provider's documentation carefully.
Register an account
First we need to create an Okta account. You can set up an account for free with a 30-day trial by clicking on the Try Okta link on their webpage.
The first time you log in you will need to set up multifactor authentication.
Create an application
Open the Okta admin console.
We need to create an Okta application to manage authentication for our Omniscope application.
Click the Applications tab.
Click Add application.
Click Create New Application.
Select Platform > Web.
Change the sign on method to OpenID Connect.
Next we need to add some application details.
Enter your application name and optionally upload a logo.
Select the Login redirect URI. If you have installed Omniscope locally this will be http://localhost/oidc-cb.
Now that your application has been created, you should see the application settings. Scroll down the page and you should see the Client ID and Client Secret. Make a note of these, as we will need them later on when we enable Okta in Omniscope.
Obtain the Issuer URI
We need to make a note of the Issuer URI for our Omniscope configuration later.
Select Security > API. The Issuer URI should be listed.
In the admin console select Directory > Add person. Configure the user's details. Add as many users as required.
We will be setting up Omniscope to authenticate users using Okta.
Make sure Omniscope is installed on your local computer and you are running Okta.
Set up the Okta Provider
Start Omniscope. Click on the admin user button in the top-right corner and click Edit permissions.
Inside the Edit permissions dialog:
Scroll down to the OpenID Connect section and tick Set configuration for OpenID connect.
Click Add Provider. In the dropdown select Okta.
You should see the Okta provider has now been added, but is not yet configured.
Click Okta to open the configuration dialog.
Enter the Client ID, Client Secret and Issuer URI you obtained previously.
For more details regarding other options in the dialog see here.
Click Test Connection to ensure Okta has been successfully configured. You should see a popup informing you that validation was successful.
Now click Back then Save.
Create a Group
We now need to create a group of users that we allow access to Omniscope. These users will be authenticated using Okta.
Click on the admin user button in the top-right corner and select Edit permissions. In the Edit permissions dialog:
Scroll down to the Groups section and click Add Group.
Click on the Group name. In the Group permissions dialog:
Click Configure permissions and select the permissions for our users. In this example I am selecting Yes to all, but feel free to configure whichever permissions are required.
Click Add authentication mechanism and select OpenID Connect.
Now click OpenID Connect to configure our users. In the dialog:
Tick Restrict by email address.
Click the + button and add the email address we want to allow.
Click Back, Back then Save.
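The Issuer URI, Client ID and allowed email address entered above correspond to claims that an OpenID Connect relying party checks in the ID token after login. The following Python function is an added example, not Omniscope's or Okta's own code, showing those checks on decoded claims. The issuer, client ID, email address and the name check_id_token_claims are placeholders chosen for illustration, and the token signature is assumed to have been verified already.

```python
import time

# Assumed placeholders for the Issuer URI, the Client ID and the address
# added under "Restrict by email address". None of these are real values.
ISSUER = "https://example.okta.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"
ALLOWED_EMAILS = {"alice@example.com"}


def check_id_token_claims(claims, nonce, now=None, leeway=60):
    """Return a list of reasons to reject the login; an empty list means accept.

    Assumes the token signature was already verified against the issuer's
    published keys; this covers only the claim checks that follow.
    """
    now = time.time() if now is None else now
    problems = []
    # The issuer must match the configured Issuer URI exactly.
    if claims.get("iss") != ISSUER:
        problems.append("issuer mismatch")
    # aud may be a string or a list; our Client ID must be present.
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if CLIENT_ID not in aud:
        problems.append("token not issued for this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        problems.append("token expired or exp missing")
    # The nonce ties the token to the login request this session started.
    if not nonce or claims.get("nonce") != nonce:
        problems.append("nonce mismatch")
    # Email restriction: compare case-insensitively, require a verified address.
    email = str(claims.get("email", "")).strip().lower()
    if email not in {e.lower() for e in ALLOWED_EMAILS}:
        problems.append("email not in allow-list")
    elif claims.get("email_verified") is not True:
        problems.append("email not verified by provider")
    return problems


# Constructed sample claims, as they might look after decoding an ID token.
SAMPLE = {"iss": ISSUER, "aud": CLIENT_ID, "exp": 2_000_000_000,
          "nonce": "n-constructed", "email": "Alice@Example.com",
          "email_verified": True}

if __name__ == "__main__":
    print(check_id_token_claims(SAMPLE, "n-constructed", now=1_900_000_000))
    spoofed = dict(SAMPLE, iss="https://other.example.com", email="bob@example.com")
    print(check_id_token_claims(spoofed, "n-constructed", now=1_900_000_000))
```
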
We have now configured Okta as our OpenID authentication provider in Omniscope. The next step is to test and verify that the authentication process works as expected.
Before we can do this we must ensure that Omniscope is running as an external web server:
Open the admin page and click Network.
Tick Run external web server.
Click Save Changes, then shut down and restart Omniscope.
Click Login then click Continue with Okta. Omniscope will redirect your authentication request to the Okta server. You should now see a Log In window.
Enter the username and password of your user, then click Log In. If the authentication was successful you should now be redirected back to Omniscope.
You have now logged in and are free to use Omniscope based on the permissions configured earlier. If you click on the user button in the top-right corner you should see the user's email address.
Please let us know if you have any questions or feedback.