What is Okta?
Okta provides cloud software that helps Nexudus users manage and secure customer authentication.
How can the integration between Okta and Nexudus help your space?
When connecting your Nexudus account to Okta, your users will be able to access their account using the same credentials they use to access your enterprise organisation. Okta provides its own user repository and API to manage users and credentials but it is also able to connect to other Identity Providers such as:
- Any Identity Provider supporting OpenID Connect
- Any Identity Provider supporting SAML 2.0
This means you can let users use the same credentials they use in those providers to access their account in your Nexudus account.
You will also be able to take advantage of many other Okta features, such as two-step authentication, to improve the security of the login process for your users.
How to connect Okta and Nexudus
In order to connect Okta to Nexudus, you will need to create an Okta Application. If you don't already have one, you can obtain a developer account from https://developer.okta.com/.
- Once in your Okta developer account, click on Applications > Add Application
- Select the Web application type.
- Complete the Application details as follows. Ensure you type the correct details for Login Redirect URI (https://spaces.nexudus.com/authorization-code/callback) and Base URI (https://spaces.nexudus.com).
- Once saved, head back to the list of applications and access the details of the application you just created. Take note of both the Client ID and Client Secret.
The new Okta Application you just created will let users sign in to their Nexudus accounts as long as they are already a user in your Okta account. This may be what you want if you are already managing users and credentials for your users in Okta or via their API. In most cases, though, you may want to connect Okta with an Identity Provider, such as Microsoft AD or Google, so that Okta delegates the authentication process to that provider. You do this by adding an Identity Provider to Okta.
Okta provides instructions for the different Identity Providers they support:
Once you have configured your Identity Provider of choice, take note of the identifier (IdP ID) Okta has assigned to it. You will need this along with the Client ID and Client Secret to connect this application to Nexudus.
The next step is to add these details to your Nexudus account. This is how:
- Access your Nexudus account and head to Settings > Integrations.
- Locate Okta in the list of available integrations and click on it.
- Complete the details as follows:
|Enable Okta||Enable this option to make the integration available in the login page.|
|Provision new users if they don't exist.||Lets users register as new customers in Nexudus if they don't yet have an account with you.|
|Prevent users from using their Nexudus password to log in.||Enable this option if you want users to access their Nexudus accounts exclusively using their Okta-managed users. This means the Nexudus login page will automatically redirect users to Okta or the connected Identity Provider.|
|Sign in button label||The text for the label shown in the login page. If not provided, it defaults to "Sign in with Corporate Account"|
|Okta Domain (Excluding https://)||Your Okta domain without "https://". You can also use your Okta custom domain if you have set one up.|
|Identity Provider Id (IdP ID)||An optional Identity Provider ID if you have configured one in your Okta account and you would like the Nexudus login page to use it.|
|Client ID||The Client ID you obtained when you created the Okta Application.|
|Client Secret||The Client Secret you obtained when you created the Okta Application.|
How does the Okta integration work?
When you connect and enable Okta in your Nexudus account, the login pages in Nexudus will present users with an additional login option, labelled "Sign in with Corporate Account" by default. You can change this label using the settings above.
Clicking on the sign-in link will redirect the user to the Okta sign-in flow. If you added a custom Identity Provider (e.g. Microsoft AD), then the user will be asked to log in using that provider. If the login is successful, the user is returned to the portal.
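The redirect described above, sketched as an added example (this is not Nexudus or Okta code). It shows how the settings from the table map onto a standard OpenID Connect authorization code request and how the callback is checked; it assumes Okta's org authorization server endpoint `/oauth2/v1/authorize` and its `idp` request parameter, and the function names and sample values are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Login Redirect URI registered in the Okta Application (value from this page).
REDIRECT_URI = "https://spaces.nexudus.com/authorization-code/callback"


def normalise_domain(okta_domain):
    """Accept the 'Okta Domain (Excluding https://)' setting; reject anything else."""
    domain = okta_domain.strip().lower()
    if not domain or "://" in domain or "/" in domain:
        raise ValueError("enter the bare host name, without https:// or a path")
    return domain


def build_authorize_url(okta_domain, client_id, idp_id=None):
    """Return (url, state) for the browser redirect to Okta."""
    state = secrets.token_urlsafe(32)  # caller stores this in the user's session
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid profile email",  # email and full name come from the profile
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    if idp_id:
        params["idp"] = idp_id  # optional IdP ID: go straight to that provider
    host = normalise_domain(okta_domain)
    return "https://%s/oauth2/v1/authorize?%s" % (host, urlencode(params)), state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only when the callback targets the
    registered redirect URI and carries the state we issued; else None."""
    parts = urlsplit(callback_url)
    if "%s://%s%s" % (parts.scheme, parts.netloc, parts.path) != REDIRECT_URI:
        return None
    query = parse_qs(parts.query)
    state = query.get("state", [""])[0]
    if "error" in query:
        return None
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    return query.get("code", [None])[0]
```

The Client Secret never appears in this browser redirect; in the authorization code flow it is only sent server-to-server when the code is exchanged for tokens.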
By default, access to the portal is granted only if the user exists in your Nexudus customer database. We will look up customers based on the email address the identity provider returns as part of the user profile.
When the option Provision new users if they don't exist is enabled, if a user is successfully authenticated by the Identity Provider but they don't yet exist in your Nexudus customer database, we will automatically create an account for them as a contact. We will obtain their email and full name from the profile data returned by the identity provider and register them to all locations in your network.