SafeTitan supports the OIDC federation protocol for SSO integration with Okta. The configuration for this integration is described below and is broken into 2 steps:

  1. Register Application in your Okta administration portal.
  2. Update Authentication Settings in your SafeTitan portal.

Register Application in Okta Admin Portal

The first step is to register the SafeTitan application within your Okta portal. This generates an application ID and allows your application to receive security tokens.

When the SafeTitan application presents the generated application ID during the authentication flow, Okta establishes trust by issuing the authenticated security token to SafeTitan so that login can proceed.

The steps involved in registering the application are listed below:

  • Sign in to your Okta admin portal https:{company-name}
  • Within the main navigation, select Applications -> Applications

  • Click on the Add Application button.
  • Click Create New App

  • In the dialog that appears, select Web as the platform and OpenID Connect as the Sign On Method and click Create.

  • In the next screen, set the Application Name to any name of your choosing, e.g. SafeTitan. Add the following Login redirect URLs and click Save
    • https://{your-company-name}
    • https://{your-company-name}

  • In the details screen that appears, click Edit.
  • Check all checkboxes under the Allowed grant types.

  • Click Save
  • Upon returning to the details page, select the Sign-On tab.
  • Take note of the Audience and Issuer fields. They will be used for configuration on the SafeTitan portal.

Configuration on SafeTitan

The last step is to add the minimal configuration needed to your SafeTitan portal.

  • Log in to your SafeTitan portal as an administrative user.
  • From the menu on the left, select Settings and then Authentication Settings

  • From the Authentication Type drop-down, select OpenID.

  • For each of the fields, provide the values:
    • Post logout redirect URI : https://{your domain name}
    • Redirect URI: https://{your domain name}
    • Authority: Your Issuer URI from the Okta admin portal.
    • Client Id: The Audience value noted during the Okta application registration above.
    • Domain Hint:
    • Username Claim: This will default to preferred_username but can be updated to a claim of your choosing, for example the UPN claim would be:
  • Click Save
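
The Authority, Client Id and Username Claim values entered above correspond to the claim checks an OpenID Connect relying party makes on each ID token. The sketch below is an added example, not SafeTitan or Okta code; `OidcSettings`, `check_id_token_claims` and all sample values are hypothetical, and it assumes the token signature has already been verified by the OIDC library.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OidcSettings:
    authority: str                              # "Authority": the Okta Issuer URI
    client_id: str                              # "Client Id": the Okta Audience value
    username_claim: str = "preferred_username"  # "Username Claim" default


def check_id_token_claims(claims: dict, cfg: OidcSettings, now: int) -> list[str]:
    """Return a list of problems; an empty list means the claims are acceptable.

    Assumption: `claims` comes from a token whose signature was already verified.
    """
    problems = []
    # iss must equal the configured Authority exactly; a trailing slash is a mismatch.
    if claims.get("iss") != cfg.authority:
        problems.append(f"iss {claims.get('iss')!r} does not match Authority")
    # aud may be a single string or a list of audiences.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if cfg.client_id not in audiences:
        problems.append("Client Id is not in aud")
    elif len(audiences) > 1 and claims.get("azp") != cfg.client_id:
        problems.append("multiple audiences but azp is not the Client Id")
    # exp is seconds since the epoch and must lie in the future.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp is missing or in the past")
    # The configured username claim must be present and non-empty.
    username = claims.get(cfg.username_claim)
    if not isinstance(username, str) or not username.strip():
        problems.append(f"username claim {cfg.username_claim!r} is missing or empty")
    return problems


# Constructed sample values, not taken from any real tenant.
CFG = OidcSettings(authority="https://idp.example.com", client_id="constructed-client-id")
NOW = 1_700_000_000
GOOD = {"iss": "https://idp.example.com", "aud": "constructed-client-id",
        "exp": NOW + 300, "preferred_username": "alice@example.com"}

if __name__ == "__main__":
    print(check_id_token_claims(GOOD, CFG, NOW))                     # no problems
    print(check_id_token_claims(dict(GOOD, iss=GOOD["iss"] + "/"), CFG, NOW))
```

An Authority that differs from the Issuer noted in Okta by as little as a trailing slash fails the first check, which is why the value should be copied exactly.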

This concludes the setup. Please note that it may take one day for the changes to take effect.