Okta Workforce Connection Setup

Connect CxAlloy with an Okta Workflow Account

The Okta Workflow account allows CxAlloy customers to implement Okta as their identity provider to provide the Single Sign-on experience for their users.
The Single Sign-on experience allows its users to login once to any connected / registered application after which they will automatically be signed-in to all other Okta connected applications like CxAlloy.
NOTE SSO is a premium feature, please reach out to sales@cxalloy.com to have it enabled.

Setting this up includes:

  1. Have an existing Okta Workforce account or create a new one
  2. Register CxAlloy as an enterprise application connected to the Okta Workforce account
  3. Use the Client ID, Client secret and Okta domain from application registration and the Okta account to setup a new "Okta workforce"  SSO connection in CxAlloy.
  4. Ensure the user email that you are logged into CxAlloy with is an assigned user on the Okta enterprise application.
  5. Enable and test this new connection in CxAlloy


Before you start

You'll need:

  • An Okta workforce account and your Okta domain
  • Add your CxAlloy user email address to the assigned users in the Okta enterprise application (this will allow you to successfully test and enable your new connection)

 
Create an Okta OIDC Application

To learn how to register a new application with Okta, please refer to Okta's Create OIDC app integration doc. 

During this process, Okta will generate a  Client ID and Client Secret for your application; 

Make note of these values. These values are needed by CxAlloy when setting up the SSO connection.

While setting up your app, be sure to use these settings:

  • Choose OIDC as the Sign-in method.
  • When asked to select an application type, choose Web application and set the following parameters:
    Field Description
    Name The name of your application.
    Sign-in Redirect URIs https://cxalloy-production.us.auth0.com/login/callback

You can use this example setup of an Okta application as a guide to setup yours.  The LOGIN section below should be setup EXACTLY as shown for SSO connection to work properly.

The login section is the one that has the settings critical to getting your new SSO connection working properly.  


Please set this section up with these specific values. 


Assign your Okta user to your new application

NOTE:     This step is not necessary and can be skipped if your application has Federation Broker Mode enabled.   

You must assign your user in your Okta Directory to your application in order for the SSO connection to pass in CxAlloy.  

  • In your Okta Admin Dashboard, navigate to Directory > People.  
  • Select Add Person. 
  • Create a user with the same email address as your admin user in cxalloy.  This is the user you are logged in as when creating the SSO connection. 
  • Create a password for this user in Okta.
  • Save the Okta directory user.
  • In the Directory, select the new user
  • Navigate to the Applications tab for the user and choose Assign Applications. 
  • Select the application name you created in the previous step.

You will need a user with the same email address as your CxAlloy username that you will be using when adding the connection.   

  • Make sure this user is created in your Okta directory and assign this user to the Okta enterprise application.  

This will be necessary to be able to successfully test the SSO connection later in CxAlloy.

NOTE:  I had to use users with icloud.com and gmail.com domains only to make this tutorial for demo purposes only.  Yours will be your companies domain that is present in your work email address! 

Return to CxAlloy and create a new Okta SSO connection 

At this point you have enough information to add a new SSO Okta Workforce connection in CxAlloy.

You have the:

  • Okta domain
  • client ID 
  • client secret
  • Your company email address domain (the domain from your work email address)

The Okta domain can be copied from the upper right corner of the Okta admin page 

The client ID and client secret come from the "general" settings section of the Okta enterprise application configuration 

Go back to the CxAlloy "Add SSO Connection" screen and enter these values into the form provided to create the connection.   

  1. To get back to the "SSO connections" you would click on your account link and then click on settings tab at the top.
  2. Then select the "SSO Connections" tab in the navigation menu on the left to go to that section.

  3. From there click "Add SSO Connection" to bring up this modal where you will choose "OKTA" as the connection 

  4. Now enter the information we have collected so far into the form and click "next step".

  1. Review the data that is displayed and if it matches the values you intended to enter then click "save Connection" to create the connection.  This will save your new connection.  

Please note:  

This connection will need to be enabled and tested before it will be available to your users 

This can be done by clicking the "enable connection" button and following the prompts. 

When a connection is correctly set up, tested and enabled it will have a green checkmark for tested and enabled columns.  

If both fields have a green checkmark then your connection should be working and available for your users to use for login to CxAlloy.  

If you need additional help setting up an SSO connection please reach out to CxAlloy Support for help getting this feature setup. 

Still need help? Contact Us Contact Us