This chapter explains how you can integrate Timus with Okta to enable users to log into your corporate network using their Okta account credentials.
To integrate your Okta Users with Timus and create an app integration on Okta:
- Go to https://www.okta.com/login/.
- Click Login.
- Enter your organization's address. Okta will send you to your login page, where you can access your account directly.
- Log in to your Okta account.
- You will see the general Okta Dashboard on the screen.
Before setting up an app integration on Okta to connect your users with Timus, verify that your Okta plan includes an SSO license that allows synchronization through the API gateway, such as the Access Gateway and API Access Management plans on Okta.
- Click the Admin button at the top right of the Dashboard page.
- Click Applications in the list of shortcuts on the left of the open page.
- Click the Create App Integration button on the Applications screen.
- In the Create a New App Integration popup, select OIDC - OpenID Connect as the sign-in method.
- Select Web Application as the Application Type and click Next.
After clicking Next, you will see the page where you enter your App Integration Name.
Enter https://auth.timuscloud.com/user/external in the Sign-in redirect URIs field.
After clicking Save, you can view the page with information about your web app.
The Client ID and Client Secret are listed under the Client Credentials and Client Secrets headings.
- On the same page where you obtained your Client ID and Client Secret, configure the Okta API Scopes to give your Okta integration the permissions it needs.
Once you have opened the Okta API Scopes tab, grant the okta.groups.read and okta.users.read permissions.
- Copy the Domain ID from under the Okta account name in the upper right corner of the Okta screen.
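The check below is an added example, not part of the Timus or Okta documentation. It lints a description of the app integration against the values this guide specifies: an OIDC Web Application, the single Timus redirect URI, and only the two read scopes. The dictionary shape, its key names and both sample apps are constructed for illustration.

```python
from urllib.parse import urlsplit

# Values taken from this guide.
TIMUS_REDIRECT_URI = "https://auth.timuscloud.com/user/external"
REQUIRED_SCOPES = {"okta.groups.read", "okta.users.read"}

# Constructed samples; the dict shape and key names are hypothetical.
GOOD_APP = {
    "sign_in_method": "OIDC",
    "application_type": "web",
    "redirect_uris": [TIMUS_REDIRECT_URI],
    "granted_scopes": ["okta.groups.read", "okta.users.read"],
}
DRIFTED_APP = {
    "sign_in_method": "OIDC",
    "application_type": "web",
    "redirect_uris": ["http://auth.timuscloud.com/user/external",
                      "https://*.example.test/cb"],
    "granted_scopes": ["okta.users.read", "okta.users.manage"],
}


def lint_okta_app(app):
    """Return a list of findings; an empty list means the app matches the guide."""
    findings = []
    if app.get("sign_in_method") != "OIDC" or app.get("application_type") != "web":
        findings.append("app must be an OIDC Web Application")

    uris = app.get("redirect_uris", [])
    if TIMUS_REDIRECT_URI not in uris:
        findings.append("Timus sign-in redirect URI is missing")
    for uri in uris:
        if uri == TIMUS_REDIRECT_URI:
            continue
        # Plain http or a wildcard widens where authorization codes can be sent.
        if urlsplit(uri).scheme != "https" or "*" in uri:
            findings.append(f"unsafe redirect URI: {uri}")
        else:
            findings.append(f"unexpected extra redirect URI: {uri}")

    granted = set(app.get("granted_scopes", []))
    for scope in sorted(REQUIRED_SCOPES - granted):
        findings.append(f"missing scope: {scope}")
    for scope in sorted(granted - REQUIRED_SCOPES):
        findings.append(f"scope beyond what the guide requires: {scope}")
    return findings
```
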
To create an API token, click Security in the shortcuts list on the left side of the page:
- Click API at the bottom of the drop-down list.
- Click the Tokens tab on the API screen.
- Click the Create Token button.
- In the Create Token popup, enter a name for the token.
- Click Create Token.
- The Token created successfully! notification is displayed in the window.
- Copy the token by clicking Copy to Clipboard.
You can close the window by clicking the Ok, Got it button.
Create a user to log in to Timus applications such as Accounts or Connect via Okta Directory. After you add the user, you can assign them to apps and groups and manage their profile from Timus Manager:
- In the Admin Console, go to Directory > People.
- Click Add Person.
- Select a user type in the User type list or accept the default.
- Complete these fields:
- First name — Enter the user's first name.
- Last name — Enter the user's last name.
- Username — Enter the user's username in email format.
- Primary email — Enter the user's primary email if it's different from their username.
- Secondary email — Optional. Enter a secondary email to allow the user to access information when their primary email is unavailable.
- Password — Select Set by user to allow the user to set their password or select Set by admin and enter a password.
- Send user activation now — Optional. This check box is available when Set by user is selected as the password option. Select this check box to send a user activation email to the user.
- User must change password on first login — Optional. This check box is selected by default when you select Set by admin as the password option. Clear this check box if you do not want the user to change their password when they first sign in.
- Click Save or click Save and Add Another to add another user.
OKTA Integration
The group you created will be visible on Timus Manager in about 5 minutes.
In the Timus interface, the name of the user you create appears as the first part of the e-mail address you provided in Okta.
- Go to Timus Manager > Settings > Integrations > Okta > Enable > Okta Integration screen.
- Paste the information you copied and saved before: Client ID, Client Secret, API Token and Okta Domain.
- Click Confirm.
- In the Okta Integration window, you will see the two tabs, Preferences and Configuration.
- Turn Synchronization Status ON from the Preferences tab.
- Under Mapping, choose the Okta groups you want to synchronize. Users in the groups you choose will be added to the Okta Users team on Timus.
- Under the Allowed Sites section, select Remote Sites.
- Click Confirm.
- You can disable the integration with the Disable Integration button from the Integrations page.
You have integrated your Timus and Okta Users.
The synchronization process may require up to 30 minutes, but it could potentially take longer.
The duration of the synchronization depends on the amount of information you are synchronizing from Okta.
You can now log in to the Timus Connect app with your new admin credentials over the remote network that you assigned, on the Manager Okta integration screen, to the user group you created in Okta Directory.
- When you open the Connect app, you will see the e-mail address screen.
- Please enter your e-mail address here.
- You will see the networks allowed for your user account.
- After the network is selected, the app will direct you to the sign-in screen of Okta.