This article aims to provide you with the resources to successfully configure some of the most common Identity Providers (Okta, Auth0) for Single Sign-On with the Intigriti platform. Specifically, we provide the most relevant knowledge base articles per Identity Provider, as well as any additional tips for easier integration with our platform.
Prerequisites
Configuration permission for your company's Identity Provider
Company admin access to your company's Intigriti platform
Table of Contents
Configuring Okta
Please follow this Okta KB article: Create OIDC app integrations using AIW (https://help.okta.com)
Recommended options & actions
When following the guide & prompted during configuration in Okta, please select the following options:
Prompt | Recommended action |
Sign-in method | Select: |
Application type | Select: ✅ 'Web application' |
Grant type | Select: ✅ 'Client Credentials' |
Sign-in redirect URIs | Provide 'Redirect URL' from |
Sign-out redirect URIs | Ignore field |
Base URIs | Ignore field |
Controlled access | According to your company's policy |
Where to find your Client ID (and Client Secret)
Once your application integration is set up, go to: Okta Admin Console > Applications > Applications > [your App integration]
Go to Client Credentials in the General tab. Your Client ID & Client Secret will be shown.
Where to find the Identity provider URL
Once your application integration is set up, go to: Okta Admin Console > Applications > Applications > [your App integration]
Go to Sign On.
Scroll down to OpenID Connect ID Token. Click Edit, and open the Issuer dropdown. Select Okta URL. The URL provided within brackets is the Identity Provider URL you will need to fill out.
Once you have gathered & configured the above information, please refer to Configuring Single Sign On (SSO) to continue SSO set-up.
Configuring Auth0
Please follow this Auth0 KB article: Auth0 Configuration (Web Apps + SSO) (https://auth0.com)
Recommended options & actions
When following the guide & prompted during configuration in Okta, please select the following options:
Prompt | Recommended action |
Application name | Name according to your company's needs ("Intigriti" is a great choice, however! :) ) |
Choose an application type | Select: |
Once you've selected the application type, click Create. Your instance will be created, and you will be redirected to a Quick Start overview.
Where to find your Identity Provider URL, Client ID, and Client Secret
To continue configuration, go to Settings. Under the Basic Information section, you can find the Domain (= Identity Provider URL), Client ID, and Client Secret.
Where to add your Redirect URL
Go to the Settings tab of your Application. Scroll down to the Application URIs section to find the Allowed Callback URLs field. Add the Redirect URL provided by the Intigriti platform here, and save your changes.
Once you have gathered & configured the above information, please refer to our Configuring Single Sign On (SSO) article to continue SSO set-up.
Configuring Ping Identity
Please follow this Ping Identity knowledge base article: Add or update an OIDC application
Once you have gathered & configured the above information, please refer to Configuring Single Sign On (SSO) to continue SSO set-up.
Configuring Google Identity
Please refer to this Google Identity knowledge base article: OpenID Connect
In some instances it may be necessary to refer to the /.well-know URL of the IDP instead of the IDP URL itself, depending on the IDP setup
Once you have gathered & configured the above information, please refer to Configuring Single Sign On (SSO) to continue SSO set-up.
Configuring Azure Active Directory
Where to find your Identity Provider URL, Client ID, Client Secret, and add your Redirect URL
1) Sign in to Azure. Navigate to Azure Active Directory.
2) In the left column, Under Manage, select Enterprise Applications.
3) Select New application. You will be redirected to the Azure AD Gallery.
4) Select Create your own application.
Add a name for the application (e.g. Intigriti SSO), and indicate for application purpose: Integrate any other application you don't find in the gallery (Non-gallery).
Select Create when finished.
5) Once your application has been added, navigate back to the Azure AD Default Directory Overview. In the left pane, under Manage, select App registrations.
6) Select the application you just created.
If the application is not shown in the list, check the All applications tab.
7) On your application's Overview page, you can find your Client ID to add to your Intigriti SSO config.
8) Next, on the same Overview page, select Endpoints.
9) The URL titled OpenID Connect metadata document is your Identity Provider URL.
10) If you would like to add a Client secret, go back to the overview page of your application. In the Essentials section you'll find Client credentials. Select Add a certificate or secret.
11) Choose a name and expiry date for the Client secret. When finished, select Create.
12) Your Client secret will be displayed as Value. Make sure to store it somewhere safe, as the value will be obscured when you return later.
13) To add the Redirect URL, navigate back to your Azure AD Default Directory Overview. Select App registration, select your application, and go to Authentication.
14) Select Add a platform. In the configuration screen, select Web application as the platform type.
15) Add the Redirect URL provided on your Intigriti SSO Settings page.
16) Succes! SSO is now configured in Azure AD.
Don't forget to finish and activate your SSO configuration in the Intigriti application.
Once you have gathered & configured the above information, please refer to Configuring Single Sign On (SSO) to continue SSO set-up.