Enabling Okta single sign-on allows your users to seamlessly access ThingLink from their Okta dashboard while simplifying account provisioning. When enabled, users are automatically connected to your license upon signing in.
Note that this feature is not publicly available yet. Contact your ThingLink account representative or submit a request here if you would like to enable it on your account.
How the integration works
Your users will be able to access ThingLink via the Okta User Dashboard based on your app assignment settings. When clicked, users will be asked to authenticate via Okta. Once authenticated, ThingLink will create an account for them and connect them to your organizational license, or sign them into their existing account.
New users are always added with a minimal access level (i.e., as learners or students depending on your license setup). ThingLink does not support role mapping at this stage.
How to set up the integration
Overview
Setting up the integration will require you to configure a custom OIDC application inside Okta and share the app's Client ID and your email domain(s) with the ThingLink team. You will then receive a unique Initiate login URI you will use to finalize the app configuration.
Step 1: set up the application inside Okta
Go to the Okta Admin dashboard. Open the Applications section and select Applications in the left-hand navigation menu, then click the 'Create App Integration' button.
This will open up a new window. Select Sign-in method: OIDC - OpenID Connect and Application type: Single-Page Application, then click Next.
Step 2: configure the application in Okta.
Set up the basic details of the application by filling out the 'New Single-Page App Integration' form:
- App integration name: ThingLink. You may use a different name if desired.
- Logo (optional): you can download the logo here.
- Proof of possession: leave unchecked.
- Grant type: select 'Authorization code'. Leave other options unchecked.
- Sign-in redirect URIs:
  - Set the redirect URI to https://www.thinglink.com/sso/oidc/callback
  - Leave the 'Allow wildcard * in sign-in URI redirect.' box unchecked.
- Sign-out redirect URIs (Optional): remove the default URI.
- Trusted Origins: leave empty.
- Assignments: configure assignments as desired.
Click Save to save the app. This will take you to the app configuration page.
Copy the Client ID under 'Client Credentials'.
Send the Client ID and your Issuer URL to your ThingLink point of contact.
Please see this page to learn how to check your Okta Issuer URL.
Step 3: finalize the app configuration.
The ThingLink team will set up the connection on the ThingLink side, and you will receive a unique login URI.
Go to the Okta admin dashboard and open the application you configured for ThingLink, then click the Edit button under General Settings and adjust the app settings:
- USER CONSENT: leave at default values.
- LOGIN: set 'Login initiated by' to Either Okta or App.
- LOGIN: 'Application visibility': check the 'Display application icon to users' box.
- LOGIN: leave 'Login flow' at the default value (Redirect to app to initiate login).
- LOGIN: set the Initiate login URI to the URI you received from the ThingLink team.
Click Save to save the changes.
At this point, the app is configured and should appear in the Okta dashboard for all assigned users. If it does not, please check the app assignments or reach out to your ThingLink point of contact.
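To confirm that the finished app matches the settings in Steps 2 and 3, you can audit its JSON definition. The script below is an added example, not ThingLink or Okta code. It assumes the app was exported in the shape used by Okta's Apps API (`settings.oauthClient` with `redirect_uris`, `wildcard_redirect`, `grant_types` and so on); the two sample apps and the Initiate login URI are constructed placeholders.

```python
# Added example: audit an exported Okta OIDC app against the settings in this guide.
# Field names assume the Okta Apps API JSON shape; verify them against your own export.
EXPECTED_REDIRECT = "https://www.thinglink.com/sso/oidc/callback"

def audit_okta_app(app: dict) -> list:
    """Return deviations from the guide; an empty list means the app matches."""
    oc = app.get("settings", {}).get("oauthClient", {})
    findings = []
    if oc.get("application_type") != "browser":  # "browser" = Single-Page Application
        findings.append("application type is not Single-Page Application")
    redirects = oc.get("redirect_uris", [])
    if redirects != [EXPECTED_REDIRECT]:
        findings.append(f"sign-in redirect URIs must be exactly {EXPECTED_REDIRECT}: {redirects}")
    if any("*" in u for u in redirects) or oc.get("wildcard_redirect", "DISABLED") != "DISABLED":
        findings.append("wildcard sign-in redirect is enabled")
    grants = oc.get("grant_types", [])
    extra = sorted(set(grants) - {"authorization_code"})
    if extra or "authorization_code" not in grants:
        findings.append(f"grant types must be only authorization_code; extra: {extra}")
    if oc.get("post_logout_redirect_uris"):
        findings.append("sign-out redirect URIs should be removed")
    if oc.get("dpop_bound_access_tokens"):
        findings.append("proof of possession should be unchecked")
    if not oc.get("initiate_login_uri"):
        findings.append("Initiate login URI from ThingLink is not set")
    return findings

# Constructed sample: an app configured as this guide describes.
GOOD_APP = {"settings": {"oauthClient": {
    "application_type": "browser",
    "redirect_uris": [EXPECTED_REDIRECT],
    "wildcard_redirect": "DISABLED",
    "grant_types": ["authorization_code"],
    "post_logout_redirect_uris": [],
    "dpop_bound_access_tokens": False,
    "initiate_login_uri": "https://example.invalid/PLACEHOLDER-initiate-login",
}}}

# Constructed sample: wildcard redirect, extra grant, default sign-out URI, no login URI.
BAD_APP = {"settings": {"oauthClient": {
    "application_type": "browser",
    "redirect_uris": ["https://*.thinglink.com/sso/oidc/callback"],
    "wildcard_redirect": "SUBDOMAIN",
    "grant_types": ["authorization_code", "implicit"],
    "post_logout_redirect_uris": ["http://localhost:8080"],
    "dpop_bound_access_tokens": False,
}}}

if __name__ == "__main__":
    for name, app in (("GOOD_APP", GOOD_APP), ("BAD_APP", BAD_APP)):
        print(name, audit_okta_app(app) or "matches the guide")
```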