Okta OAuth is a secure authorization protocol offered by Okta, a cloud-based identity and access management service, that allows users to grant third-party applications access to their Okta resources without sharing their username and password.
OAuth provides a token-based authentication system where users can grant access to their Okta resources without disclosing their credentials to the application requesting access. The user first logs in to their Okta account and then permits the third-party application to access specific resources using an access token. The application then uses this token to access the authorized resources on the user's behalf without needing the user to provide their login credentials again.
PlexTrac supports IdP-initiated integration only through SAML. When Okta is used as the IdP outside of SAML-based authentication, IdP-initiated login is not supported, and PlexTrac recommends SP-initiated SSO instead.
Step 1: Log in to Okta.
Step 2: Click Applications in the admin panel.
Step 3: Click Add Application.
Step 4: Click Create New App and fill out the form. For Platform, choose "Web." For the Sign-on method, select "OpenID Connect." Click Create.
Step 5: Enter a value for the Application name and add {{ your_domain }}/api/v2/authenticate/okta to Login redirect URIs. Click Save.
Step 6: On the next page, copy values for Client ID and Client secret for later use.
Step 7: Click the Sign On tab, copy the value for Issuer, and save it for later. This value is used later in PlexTrac as the Provider URL.
Step 8: Log in to PlexTrac as an admin.
Step 9: Navigate to the Account Admin page. Click Security under "Security & User Management."
Step 10: Click Authentication Methods under "Authentication."
Step 11: From the OAuth Providers tab, select "Okta" from the dropdown menu under "Authentication Providers."
Step 12: Enter values for the fields Provider URL, Identifier, and Secret obtained from earlier steps.
Step 13: Toggle on the Enabled button. Click Save.
Step 14: Return to "Security & User Management" and click Users.
Step 15: Under the column header "Authentication Provider," select the desired user and change the value to "Okta."
Each user has to be set individually.
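A pre-flight check for the values gathered in Steps 5 through 7 before they are entered in Step 12, as an added example that is not PlexTrac's or Okta's code. It goes beyond the steps above by comparing the Issuer with the OpenID Connect discovery metadata; the function names, the example.test hosts, the sample metadata and the https-only redirect rule are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

REDIRECT_PATH = "/api/v2/authenticate/okta"  # path given in Step 5

# Constructed sample of the metadata an OIDC issuer serves; not real tenant data.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://okta.example.test",
    "authorization_endpoint": "https://okta.example.test/oauth2/v1/authorize",
    "token_endpoint": "https://okta.example.test/oauth2/v1/token",
    "jwks_uri": "https://okta.example.test/oauth2/v1/keys",
})


def discovery_url(issuer):
    """Metadata location defined by OpenID Connect Discovery 1.0."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def is_https(url):
    parts = urlsplit(url if isinstance(url, str) else "")
    return parts.scheme == "https" and bool(parts.netloc) and not parts.fragment


def preflight(issuer, redirect_uri, client_id, client_secret, discovery_json):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if not is_https(issuer) or urlsplit(issuer).query:
        problems.append("Provider URL must be an https URL without query or fragment")
    red = urlsplit(redirect_uri)
    # Requiring https on the redirect URI is this example's policy (assumption).
    if not is_https(redirect_uri) or red.path != REDIRECT_PATH or red.query:
        problems.append("Login redirect URI must be https://<domain>" + REDIRECT_PATH)
    for name, value in (("Identifier", client_id), ("Secret", client_secret)):
        if not value or value != value.strip():
            problems.append(name + " is empty or has stray whitespace")
    try:
        meta = json.loads(discovery_json)
    except ValueError:
        meta = None
    if not isinstance(meta, dict):
        return problems + ["discovery document is not a JSON object"]
    # The issuer in the metadata must equal the configured value exactly.
    if meta.get("issuer") != issuer:
        problems.append("issuer mismatch: metadata says %r" % meta.get("issuer"))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not is_https(meta.get(key)):
            problems.append(key + " is missing or not https")
    return problems
```

To check a real tenant, fetch the document at discovery_url(issuer) and pass its body as discovery_json.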