How to setup Yotascale SSO with Okta using Okta OpenID

Currently Yotascale provides support for Google Auth, SAML or Okta OpenID authentication, with a limitation of only 1 Authentication Provider at any given point in time. This guide focuses on setting up Okta as your IdP using Yotascale's Okta OpenID authentication provider.

Yotascale - Retrieve SAML auth data:

1. Login to Yotascale with a user that has Admin role access
2. In top right hand corner select the round circle with your initials
3. Select Manager Users
4. Select Manage Auth Provider tab
5. Select "+ New Auth"
6. From Auth Provider drop down select Okta OpenID
7. Enter an Organization name
8. At bottom of page copy and save the following links:

1. Redirect/ACS URL:  

1. https://app-api.yotascale.io/login/organization/sesandbox/auth/okta-openid/authorized

• Initiate Login URI:

1. https://app.yotascale.io/login.html/external_provider?org_name=sesandbox

Okta - Create Application

1. Login to Okta
2. Select Application Tab
3. Select "Create New App"

1. From Platform dropdown select "Web"
2. For Sign on Method, Yotascale support either one of the following methods:

1. SAML 2.0
2. OpenID Connect
3. For this guide select OpenID Connect

• Select "Create"
• Enter App name

1. Yotascale-<method>

• Add App logo if required
• Configure OpenID connect

1. Select "Add URI" for Login Redirect URIs.

1. Enter the saved data for Redirect/ACS URL from Yotascale

• Select "Save"
• Client Credentials

1. Copy and save the Client ID
2. Copy and save the Client secret

• General Settings

1. Copy and save the Okta domain
2. Select "Edit" for General Settings
3. Replace the Initiate login URI with copied Initiate Login URI from Yotascale.

• Select Save

Yotascale - Complete Okta OpenID Auth Provider configuration

1. You should still be logged in and on the SAML Auth Provider configuration page

1. If not, login again to Yotascale with a user that has Admin role access
2. Follow the same steps to add new SAML Auth provider as describe  above.
3. Make sure to add the same Organization name for SAML

• Enter the following information:

1. Organization name already entered
2. Client ID

1. Enter the Client ID that was copy for the Okta application

• Client Secret

1. Enter the Client Secret that was copy for the Okta application

• Okta Domain URL

1. Enter the Okta domain that was copy for the Okta application
2. https:// <Okta domain>

• Auto Provisioning

1. Enabled - When user authenticates through Okta, the user account will automatically be created in Yotascale User list.
2. Disabled - User accounts first needs to be manually created in Yotascale.

• Default Provision Role

1. Admin/Power User/Tag Admin/User

• Select Create New Auth
• In order to verify the Auth provider, a user account needs to be created manually in Yotascale that matches the user that has permissions to the Yotascale application in Okta.

1. Under Manage Users tab, select User List
2. Select "+ New User"
3. Enter the First Name
4. Enter the Last Name
5. Enter the email address that matches the email address of the user that has permissions to the Okta applications.
6. Select Applicable role based on your requirements

1. Admin/Power User/Tag Admin/User

• Select "Yotascale" from dropdown for Auth.
• Select "Create User"
• Under Manage Users tab, select the Manage Auth Provider tab

1. For the SAML Auth Provider select "Verify auth Provider"
2. This will open the Okta login page
3. Login with same user account that has access to the Okta Application and created manually in Yotascale.
4. The successful login should verify the Auth Provider.

• Under Manage Users tab, select User List

1. Under the manually created user, select the Auth dropdown and change from Yotascale to the SAML Auth provider name.
2. Select "Save Changes"

• Configuration is now complete and users should be able to login via Okta successfully.
• If you run into any issues, please contact our support team.

Related articles