OpenID Connect

Configuring a connection with OpenID Connect

There are four steps to set up a connection with OpenID Connect:

Follow the configuration steps below:

Create an integration in Access Control

  1. Access the Integrations screen from the left menu.

  2. Select the integration type OpenID and click on CONFIGURE INTEGRATION.

  3. Copy the URL from the Callback URL field.

    openid integration

    This is the URL where the user will be redirected after authentication and will be used later in the OKTA configuration.

Create an app in OKTA

  1. Open a new tab and go to OKTA.

  2. Create a new integration app.
    To do this, go to Applications, then click Create App Integration.

    okta create app integration

  3. In the Create a new app integration modal:

    1. In the Sign-in-method section: select the option OIDC-OpenID Connect.

    2. In the Application type section: select Web Application.

    3. Click NEXT.

      okta oidc openid connect

  4. In the New Web App Integration screen:

    1. In the General Settings section: fill in the App integration name field with app’s name.

    2. In Sign-in Redirect URIs, paste the callback URL you copied when creating the integration in Access Control.

      okta new web integration

    3. Scroll to the bottom and, in the Assignments section, select “Allow everyone in your organization to access.”

    4. Click SAVE.

      okta assignments

  5. In the My Web App screen, on the General tab:

    1. Copy the Client ID and Client secret values and save them for later use.

      okta clientid client secret

  6. You will also need the Issuer URI.
    To obtain it, go to Security  API from the left menu.

    okta security api

    In the API screen, copy the Issuer URI and save it for later use.

    okta issuer uri

Configure the integration in Access Control

  1. After creating the app in OKTA, return to Access Control and fill in the fields below with the data you obtained:

    • Client ID: information obtained in step 5, in the My Web App screen.

    • Client secret: information obtained in step 5, in the My Web App screen.

    • Issuer: information obtained in step 6, in the API screen.

    • Policy: select the policy you want to apply for federated users.

      If there are policies configured on the identity provider side, they will override this one.

  2. Click on CREATE.

    acc create integration

  3. Click on AGREE AND CONNECT. You will see a message confirming the integration was created.

    acc agree connect

Create a user in OKTA

  1. To create a user in OKTA, go to Directory  People from the left menu.

  2. Then click Add person in the upper menu of the People screen.

    okta directory people add person

  3. In the Add Person modal, fill in the fields with the user information and click Save.

    okta add person

  4. You will see a screen with the registered users. If the user does not appear, refresh the page.

    okta select user

  5. Select the user and click Assign Applications.

    okta assign applications

  6. In the Assign Applications modal, click on the Assign button corresponding to your app.

    okta assign

  7. In the presented modal, scroll and click on Save and Go Back.

    okta save and go back

  8. Then click on Done.

    okta done

You can now authenticate with your user via OpenID integration.

Disabling or editing a connection with OpenID Connect

Once active, the connection can be updated at any time. To do this, click any field you want to edit, make the necessary changes and click UPDATE.

To disable a connection, click the DISCONNECT button.

The DISCONNECT button will disable the access of all users from that integration. To reconnect, provide again all the information described above (Configuring a connection with OpenID Connect).

The DISCONNECT button does not change your settings in your Identity Provider.

User login and control

Contrary to what used to happen with the Sensedia Platform login, now the login with username and password is still possible even after the configuration of OpenID Connect.

A user will be able to log into Sensedia products either using OpenID Connect or separately.

Thanks for your feedback!
EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]