Skip to main content

How to configure Okta

Follow this step-by-step guide to configure the integration between Port and Okta.

info

In order to complete the process you will need to contact us, the exact information we need to provide, as well as the information Port requires from you is listed in this doc.

Port-Okta integration benefits

  • Connect to the Port application via an Okta app.
  • Your Okta teams will be synced with Port, automatically upon user sign-in.
  • Set granular permissions on Port according to your Okta groups.

How to configure the Okta app integration for Port​

Step #1: Create a new Okta application

  1. In the Admin Console, go to Applications -> Applications.
  2. Click Create App Integration.

Okta new application wizard

  1. Create an OIDC app integration. Select OIDC - OpenID Connect in the Wizard.

Okta new application OIDC integration

  1. Choose Single-Page application as your application type.

Okta new application type

Click Next.

Step #2: Configure your Okta application

Under General Settings:

  1. Choose an app integration name (a specific name that will appear on your Okta apps).

  2. Add an application logo (optional).

    Port's logo

  3. Under Grant type mark all options.

  4. Under Sign-in redirect URIs set: https://auth.getport.io/login/callback.

    • The Sign-in redirect URI is where Okta sends the authentication response and ID token for the sign-in request.

  5. Remove the sign-out redirect URIs.

  6. Under Assignments: Set Allow everyone in your organization to access.

    Okta app settings Okta app settings assignments

Step #3: Configure OIDC settings

Get your Okta Domain by clicking on your user mail at the top-right corner of the Okta management interface, hovering on the okta domain (will be in the format {YOUR_COMPANY_NAME}.okta.com) and clicking on Copy to clipboard:

Get Okta domain

Under General tab:

  1. Copy the Client ID and send it to Port along with the Okta Domain from the previous step (on the slack channel/Intercom).

    Okta app settings

  2. Click on the Edit button on the General Settings tab.

    2.1 Set the Login initiated by option to Either Okta or App:

    Okta app settings

    2.2 Check all the options in Application visibility:

    Okta app settings

    2.3 Check Login flow to be Redirect to app to initiate login (OIDC Compliant)

    2.4 Under initiate login URI paste the following URI:

    https://auth.getport.io/authorize?response_type=token&client_id=96IeqL36Q0UIBxIfV1oqOkDWU6UslfDj&connection={CONNECTION_NAME}&redirect_uri=https%3A%2F%2Fapp.getport.io
    note

    We will provide your {CONNECTION_NAME} (Contact us on Slack/Intercom).

    Okta app settings login flow

    2.5 Click Save and you’re done! now you’ll have the Port app on your Okta dashboard.

    Okta dashboard with Port app

How to allow pulling Okta groups to Port

note

This stage is OPTIONAL and is required only if you wish to pull all of your Okta groups into Port inherently.

Benefit: managing permissions and user access on Port.
Outcome: for every user that logs in, we will automatically get their associated Okta groups, according to your definition in the settings below.

To allow automatic Okta group support in Port, please follow these steps:

  1. Under the Application page, select Port App and go to the Sign On tab:

    Okta application sign-on settings

  2. Under OpenID Connect Token click Edit:

    Okta application connect id token

  3. Add a Groups claim type and choose the option filter, then:

    3.1 Value = groups

    3.2 Select the required regex phrase to your needs.

    note

    To import all groups, insert Matches regex with the .* value.

    Okta application set group claims

    3.3 Click Save.

SCIM Configuration (beta)

Okta OIDC applications support SCIM.

Functionality enbaled by SCIM

By enabling SCIM the following functionality will be enabled:

  • Automatic deprovisioning of users (for example, when a user is unassigned from the SSO application, he will automatically lose acccess to Port)

Setup SCIM

To use SCIM with your Okta OIDC SSO setup, you will need to create an additional Okta application according to the following instructions:

  1. Create a new SSO application, of type SWA, and fill the form as below:



    • App's login page URL
      • Organizations hosted in the EU: https://app.getport.io
      • Organizations hosted in the US: https://app.us.getport.io
    • Who sets the credentials - Administrator sets username, password is the same as user's Okta password
    • Application username - Okta username
    • Update application username on - Create and update

  2. Edit the App Settings, and enable Enable SCIM provisioning

After completing these steps, reach out to Port's team. You will be provided with:

  • An SCIM endpoint
  • An SCIM token

The endpoint and token will be used to complete the setup of the new SWA application.

  1. Open the Provisioning tab in your application, and under Integration fill the following:

    • SCIM connector base URL: The endpoint you received from Port.
    • Unique identifier field for users: userName.
    • Supported provisioning actions: Push New Users, Push Profile Updates, Push Groups.
    • Authentication Mode: HTTP Header.
    • Authorization: The token you received from Port.

    After configuration, press the Test Connector Configuration and confirm the integration was configured correctly.

  2. Go to the newly created To App settings, and enable the following:

    • Create Users
    • Update User Attributes
    • Deactivate Users