
37081AC OWS Okta Integration Manual - OpenEye


OKTA INTEGRATION

ENABLE OKTA INTEGRATION

ADD IDENTITY MANAGEMENT INTEGRATION

As a web services Administrator:

1. From Setup, go to Settings.

2. Go to Manage Integrations and click the Add New Integration button. Select Okta from the list of options and click Next. Ensure Enable Okta integration is checked and select the Identity Management tab. Check Enable Third Party Authentication. You should see several form fields and values appear. Keep this page open in a browser tab while you perform the next step.

NOTE You’ll be alternating between OWS and Okta in order to perform this integration.


ENABLE OKTA (cont.)

MANAGEMENT PORTAL NAVIGATION

1. After logging in with an OWS account, select the Account Name you want to integrate with Okta.

2. From the Management Portal, select the Management tab.

3. Choose Integrations from the drop-down menu.

4. Click on Add New Integration.


5. Select Okta and then click Next.

6. The Okta Integration will be added to the Manage Integrations list.

7. To make changes to the Integration, click Edit from Manage Integration.


ADD OKTA APPLICATION FOR OWS ACCESS (OKTA)

1. Make sure Classic UI is selected.

2. As an Okta user with at least Application Administrator permissions, go to Add Applications, search for OpenEye, select OpenEye Web Services, and click on Add.

3. Give your app a desired label.

4. Click on Sign On, then click on Edit.

5. Under Advanced Sign-On Settings, copy the Single sign on URL (ACS URL) and Audience URI (SP Entity ID) from the OWS Identity Management page to the fields in Okta.

6. Save the Okta application.

7. Click on View Setup Instructions.

8. Copy the IDP metadata at the bottom of this page to the Identity Provider Metadata field on OWS and save it.

9. Copy the EMBED LINK in the App Embed Link to the IDP Login Embed URL (Apps Embed URL) field in the OWS Identity Management configuration.

10. Save the Identity Management settings on OWS.


Copyright ©2021 OpenEye. All Rights Reserved. Information contained in this document is subject to change without prior notice. OpenEye does its best to provide accurate information but cannot be held responsible for typos or mistakes.

openeye.net | Liberty Lake, WA, USA 99019 | 1.888.542.1103 | 37081AC

ADD USERS MANUALLY OR ENABLE PROVISIONING VIA SCIM

Users may now be configured to access your OWS application via Okta in one of two ways:

1. Manual invite via OWS.

2. Automatic provisioning from Okta via SCIM 2.0.

MANUAL INVITE VIA OWS

Users may be manually added to WS via the standard WS user invite function, including manually adding them to User Groups. The primary advantage of this approach is that users invited in this fashion may choose to log in with either WS credentials or IDP credentials. This approach is ideal for Administrators who need a non-IDP method to log in in case there is an IDP issue. The downside of this approach is that user management is not consolidated in a single place, and that users may log in both ways if configured to do so.

AUTOMATIC PROVISIONING VIA OKTA

The ideal integration, so that all users may be configured in a single location, is to enable automatic user provisioning via Okta. This process is documented in detail here.