Articles in this section

Account Management: Okta SSO Integration

Avatar
Nexla
  • Updated
Follow

Important Nexla Help Center Update:

Nexla's Zendesk Help Center pages are being deprecated and will soon no longer be available.

Nexla Documentation is now the home for Nexla's User Guides, with improved formatting and categories that are easier to navigate, providing a better overall user experience.

Please update any bookmarks to the new Nexla Documentation site (docs.nexla.com/user-guides).

_______________________________________________

 

For organizations that want seamless identity and access management, Nexla supports any OpenID Connect and SAML based single sign-on (SSO) client such as Okta, Auth0, OneLogin, ID Anywhere, and Microsoft Active Directory.

In this guide we will look at instructions for setting up account management of your Nexla organization using an Okta Open ID Connect SSO application.

Step 1: Configuring Okta

The following steps can only be done by an Okta Account Administrator for your Okta organization:

  1. Login to your Okta account. Go to the Applications menu and click on Create App Integration button. This will launch a popup form.

    okta-1.png

  2. In the form, choose  OIDC - Open ID Connect as Sign-on Method and Single Page Application as the Application Type. Then click on Next

    okta-2.png

  3. You will be redirected to the application details page. Enter the following details in this page:
    • App Integration Name: Pick any name you wish to assign
    • Grant type: Leave this is the default Authorization Code
    • Sign-in redirect URIs: Set this to <your-nexla-ui-url>/sso. Usually this will be https://dataops.nexla.io/sso
    • Sign-out redirect URIs: Set this to <your-nexla-ui-url>.  Usually this will be https://dataops.nexla.io

    okta-3_edited.png

  4.  Click onSave and that's it! You've now created an Okta application that can be used for managing access to Nexla. In the next few steps we'll note down the configuration information needed by Nexla.
  5. From the General settings tab of the created application, note down:
    • Client ID
    • Okta Domain

    okta-4.png

  6. Finally, we'll make a note of the Authorization Server that should be used. Let's head over to the Security >> API menu. Usually there is only one default entry in there pointing to Okta's default Authorization server, but you can choose to control Nexla authorization via any Authorization Server. We'll just make a note of the following from this page:
    • Audience
    • Issuer URI

    okta-5.png

That's all we need to do on the Okta UI. Next we will configure Nexla.

 

Step 2: Configuring Nexla

This step will be handled by the Nexla support team. Send an email to support@nexla.com or contact your Nexla Account Manager with these details you noted down in the previous step:

  1. Okta Application Client ID
  2. Okta Application Domain
  3. Authorization Server Audience
  4. Authorization Server URI
  5. Should Nexla auto-create accounts for users when they login through Okta? Usually you want to leave this as Yes  so that Nexla user creation is managed automatically through Okta.

Once Nexla has been configured for this new Okta SSO integration, your organization members can use the Login with SSO  button on the Nexla UI to access their Nexla account after the Okta SSO handshake.

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk