# Okta

Okta OAuth is a secure authorization protocol provided by Okta, a cloud-based identity and access management service, that allows users to grant third-party applications access to their Okta resources without sharing their username and password.

OAuth provides a token-based authentication system where users can grant access to their Okta resources without disclosing their credentials to the third-party application. The user first logs in to their Okta account and then permits the third-party application to access specific resources using an access token. The application then uses this token to access the authorized resources on the user's behalf without needing the user to provide their login credentials again.

{% hint style="info" %}
PlexTrac only supports IdP-initiated integration through SAML. If you use Okta as the IdP outside of SAML-based authentication, IdP-initiated integration is not supported; PlexTrac recommends SP-initiated SSO.
{% endhint %}

## Configuring Okta

<mark style="background-color:yellow;">Step 1:</mark> Log in to Okta.

<mark style="background-color:yellow;">Step 2:</mark> Click **Applications** in the admin panel.

<mark style="background-color:yellow;">Step 3:</mark> Click **Add Application**.

<mark style="background-color:yellow;">Step 4:</mark> Click **Create New App** and fill out the form. For **Platform**, choose "Web." For the **Sign-on method**, select "OpenID Connect." Click **Create**.

<div align="left"><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F6CkNeStiBaQLYBdRkptt%2Fimage.png?alt=media&#x26;token=9388aa5e-5e35-42e0-b1b8-eea5e8a3590a" alt=""></div>

<mark style="background-color:yellow;">Step 5:</mark> Enter a value for the **Application name** and add `{{ your_domain }}/api/v2/authenticate/okta` to **Login redirect URIs**. Click **Save**.

<div align="left"><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FMlFH1ZaXHpZkARbEJDWf%2Fimage.png?alt=media&#x26;token=60134c12-2b1b-404c-b373-3b9906593669" alt=""></div>

<mark style="background-color:yellow;">Step 6:</mark> On the next page, copy values for **Client ID** and **Client secret** for later use.

<div align="left"><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FIJodfymjtg6ptH4kMU2P%2Fimage.png?alt=media&#x26;token=1b8c7306-8c21-4e76-bbf2-ca4c5d3ca83f" alt=""></div>

<mark style="background-color:yellow;">Step 7:</mark> Click the **Sign On** tab, copy the value for **Issuer**, and save it for later. This value is used later in PlexTrac as the **Provider URL**.

<div align="left"><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FxmRav68KxvYb0Plwm6fE%2Fimage.png?alt=media&#x26;token=ce4fda69-0b38-4d7b-9407-f5e02100252d" alt=""></div>

<mark style="background-color:yellow;">Step 8:</mark> Log in to PlexTrac as an admin.

<mark style="background-color:yellow;">Step 9:</mark> Navigate to the **Account Admin** page. Click **Security** under "Security & User Management."

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FLMrDh1NAKDk8Zs37wHWl%2Fimage.png?alt=media&#x26;token=5c641442-9672-4522-bd77-da1f3920f791" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 10:</mark> Click **Authentication Methods** under "Authentication."

<figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FDjzLjkM3KZWeXsKBPPvZ%2Fimage.png?alt=media&#x26;token=b4507847-a064-4386-aeea-3eb2439dd7c1" alt=""><figcaption></figcaption></figure>

<mark style="background-color:yellow;">Step 11:</mark> From the **OAuth Providers** tab, select "Okta" from the dropdown menu under "Authentication Providers."

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FDqhJ8Hu2XyHLDmF3Cqos%2Fimage.png?alt=media&#x26;token=3401e833-fac9-45c3-b1fb-37fe33972fb1" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 12:</mark> Enter values for the fields **Provider URL**, **Identifier**, and **Secret** obtained from earlier steps.

<figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FrESN6LFOkYNYmvVRl3UE%2Fimage.png?alt=media&#x26;token=cce05c92-13de-48e5-a6db-7cbc11b2a36c" alt=""><figcaption></figcaption></figure>

<mark style="background-color:yellow;">Step 13:</mark> Toggle on the **Enabled** button. Click **Save**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FBoCSetqVXX68oEBb56nC%2Fimage.png?alt=media&#x26;token=ee340ce3-9d2b-4cdb-a03f-f2cdb65f9c38" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 14:</mark> Return to "Security & User Management" and click **Users**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FtqK8doMlZrj6dhvlJWX1%2Fimage.png?alt=media&#x26;token=a526fd96-57cd-4795-afee-4e21728fa16f" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 15:</mark> Under the column header "Authentication Provider," select the desired user and change the value to "Okta."

<div align="left"><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FmXVtLE4FIDEpQUBe3oxz%2Fimage.png?alt=media&#x26;token=438f3e9b-acce-4228-892b-c8a2fbb8a326" alt=""></div>

{% hint style="info" %}
Each user has to be set individually.
{% endhint %}
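
A pre-flight check for the values exchanged in Steps 5, 7 and 12, as an added example that is not PlexTrac's or Okta's own code: it confirms that the Provider URL exactly matches the issuer in Okta's OIDC discovery document and that the login redirect URI is an https URL with the callback path from Step 5. The domains and the sample discovery document are constructed, the function names are hypothetical, and it assumes `{{ your_domain }}` is an https origin.

```python
import json
import urllib.request
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/v2/authenticate/okta"  # redirect path from Step 5
REQUIRED_METADATA = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def fetch_discovery(provider_url):
    """Fetch the standard OIDC discovery document for an issuer (needs network)."""
    url = provider_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def check_settings(provider_url, redirect_uri, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    issuer = urlsplit(provider_url)
    if issuer.scheme != "https" or not issuer.netloc or issuer.query or issuer.fragment:
        problems.append("Provider URL must be a plain https URL")
    # OIDC Discovery requires an exact string match, trailing slash included.
    if discovery.get("issuer") != provider_url:
        problems.append("Provider URL differs from the issuer Okta advertises")
    for key in REQUIRED_METADATA:
        endpoint = urlsplit(discovery.get(key, ""))
        if endpoint.scheme != "https":
            problems.append(f"{key} is missing or not https")
    redirect = urlsplit(redirect_uri)
    if redirect.scheme != "https" or not redirect.netloc:
        problems.append("Login redirect URI must be an absolute https URL")
    if redirect.path != CALLBACK_PATH or redirect.query or redirect.fragment:
        problems.append(f"Login redirect URI path must be exactly {CALLBACK_PATH}")
    if "*" in redirect_uri:
        problems.append("Login redirect URI must not contain wildcards")
    return problems

# Constructed sample values (not real tenants).
SAMPLE_ISSUER = "https://example.okta.com/oauth2/default"
SAMPLE_DISCOVERY = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/v1/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/v1/token",
    "jwks_uri": SAMPLE_ISSUER + "/v1/keys",
}
SAMPLE_REDIRECT = "https://plextrac.example.com" + CALLBACK_PATH

if __name__ == "__main__":
    print(check_settings(SAMPLE_ISSUER, SAMPLE_REDIRECT, SAMPLE_DISCOVERY))
    print(check_settings(SAMPLE_ISSUER + "/", SAMPLE_REDIRECT, SAMPLE_DISCOVERY))
```

To check a live tenant, pass `fetch_discovery(provider_url)` as the third argument in place of the sample document.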
