Jump to content

Connect Resco Cloud with Okta: Difference between revisions

From Resco's Wiki
Newer edit →
Created page with "{{WIP}} Resco Cloud supports Okta authorization. == Prerequisites == * To set up Okta authorization, you need Resco Cloud version 15.1 or higher..."
 
Line 7: Line 7:
* To use Okta authorization, the app also must be updated to [[Releases/Summer_2022|version 15.1]] or higher.  
* To use Okta authorization, the app also must be updated to [[Releases/Summer_2022|version 15.1]] or higher.  


== Raw dump TBD ==
== Okta configuration ==


Configure OKTA
Log in to the Okta admin console as an administrator and set up app integrations for the web app and native apps, and set up an authorization server for Resco Cloud.


Web apps  
=== Web apps ===


In the Admin Console, go to Applications > Applications.  
# In the Admin Console, go to '''Applications > Applications'''.
# Click '''Create App Integration'''.
# To create an OIDC app integration, select "OIDC - OpenID Connect" as the '''Sign-in method'''.
# Select '''Web Application''' and click '''Next'''.
# Set up the '''General Settings''':
#* As '''App integration name''', enter a name for your app integration, for example "resco cloud web app".
#* As '''Grant type''', select "Refresh Token".
#* As '''Sign-in redirect URIs''', enter <code>https://<your_server_name>/Authenticate.aspx/ADFS</code>.
#* As '''Sign-out redirect URIs''', enter <code>https://<your_server_name></code>.


Click Create App Integration.
=== Native apps ===


To create an OIDC app integration, select OIDC - OpenID Connect as the Sign-in method.  
# In the Admin Console, go to '''Applications > Applications'''.
# Click '''Create App Integration'''.
# To create an OIDC app integration, select "OIDC - OpenID Connect" as the '''Sign-in method'''.
# Select '''Native Application''' and click '''Next'''.
# Set up the '''General Settings''':
#* As '''App integration name''', enter a name for your app integration, for example "resco cloud native apps".
#* As '''Grant type''', select "Refresh Token".
#* As '''Sign-in redirect URIs''', enter <code><nowiki>https://www.resco.net/oauth.html</nowiki></code>.


Select Web Application
=== Authorization server ===


Click Next.  
# In the Admin Console, go to '''Security > API'''.
# On the '''Authorization Servers''' tab, either modify the default authorization server or click '''Add Authorization Server''' to add a new one.
#* As '''Name''', enter a name for authorization server, for example "resco cloud auth server".
#* As '''Audience''', enter <code><nowiki>https://resco.net/rescocloud</nowiki></code>.
# Go to the '''Claims''' tab and click '''Add Claim''':
#* As '''Name''', enter <code>upn</code>.
#* As '''Include in token type''', select "ID Token" and "Always".
#* As '''Value type''', select "Expression".
#* As '''Value''', enter <code>user.email</code>.
# Add another claim:
#* As '''Name''', enter <code>uid</code>.
#* As '''Include in token type''', select "ID Token" and "Always".
#* As '''Value type''', select "Expression".
#* As '''Value''', enter <code>user.id</code>.


In General Settings:
== Connect Resco Cloud to OKTA ==
 
App integration name: Specify a name for your app integration.
 
Grant type: select the Refresh Token check box
 
Sign-in redirect URIs: enter https://<your_server_name>/Authenticate.aspx/ADFS
 
Sign-out redirect URIs: enter https://<your_server_name>
 
 
Native apps
 
In the Admin Console, go to Applications > Applications.
 
Click Create App Integration.
 
To create an OIDC app integration, select OIDC - OpenID Connect as the Sign-in method.
 
Select Native Application
 
Click Next.
 
In General Settings:
 
App integration name: Specify a name for your app integration.
 
Grant type: select the Refresh Token check box
 
Sign-in redirect URIs: enter https://www.resco.net/oauth.html
 
 
 
 
Authorization server
 
In the Security > API, select the Authorization Servers tab. Then, modify default  Authorization Server or click Add Authorization Server 
 
Name : Specify a name for Authorization server
 
Graphical user interface, text, application, email
 
Description automatically generatedAudience – enter https://resco.net/rescocloud
 
 
Graphical user interface, text, application, email
 
Description automatically generatedChoose Claims
 
Choose Add Claim
 
Name :  upn
 
Include in token type : Select Access ID Token. In the second dropdown box, choose Always
 
Value type: Expression
 
Value: user.email
 
 
 
Name :  uid
 
Include in token type : Select Access ID Token. In the second dropdown box, choose Always
 
Value type: Expression
 
Value: user.id
 
 
Connect your Resco Cloud to OKTA  


Resco Cloud  
Resco Cloud  

Revision as of 08:48, 11 May 2022

Warning Work in progress! We are in the process of updating the information on this page. Subject to change.

Resco Cloud supports Okta authorization.

Prerequisites

  • To set up Okta authorization, you need Resco Cloud version 15.1 or higher.
  • To use Okta authorization, the app also must be updated to version 15.1 or higher.

Okta configuration

Log in to the Okta admin console as an administrator and set up app integrations for the web app and native apps, and set up an authorization server for Resco Cloud.

Web apps

  1. In the Admin Console, go to Applications > Applications.
  2. Click Create App Integration.
  3. To create an OIDC app integration, select "OIDC - OpenID Connect" as the Sign-in method.
  4. Select Web Application and click Next.
  5. Set up the General Settings:
    • As App integration name, enter a name for your app integration, for example "resco cloud web app".
    • As Grant type, select "Refresh Token".
    • As Sign-in redirect URIs, enter https://<your_server_name>/Authenticate.aspx/ADFS.
    • As Sign-out redirect URIs, enter https://<your_server_name>.

Native apps

  1. In the Admin Console, go to Applications > Applications.
  2. Click Create App Integration.
  3. To create an OIDC app integration, select "OIDC - OpenID Connect" as the Sign-in method.
  4. Select Native Application and click Next.
  5. Set up the General Settings:
    • As App integration name, enter a name for your app integration, for example "resco cloud native apps".
    • As Grant type, select "Refresh Token".
    • As Sign-in redirect URIs, enter https://www.resco.net/oauth.html.

Authorization server

  1. In the Admin Console, go to Security > API.
  2. On the Authorization Servers tab, either modify the default authorization server or click Add Authorization Server to add a new one.
    • As Name, enter a name for authorization server, for example "resco cloud auth server".
    • As Audience, enter https://resco.net/rescocloud.
  3. Go to the Claims tab and click Add Claim:
    • As Name, enter upn.
    • As Include in token type, select "ID Token" and "Always".
    • As Value type, select "Expression".
    • As Value, enter user.email.
  4. Add another claim:
    • As Name, enter uid.
    • As Include in token type, select "ID Token" and "Always".
    • As Value type, select "Expression".
    • As Value, enter user.id.

Connect Resco Cloud to OKTA

Resco Cloud

Sign in to the Resco Cloud management console using a System Administrator user account.

Start the Admin Console

Select Settings > Organization from the menu to edit the properties of your organization.

In the Identity provider line, click Connect....

Choose OKTA

As Metadata URL, enter the URL to your OKTA Authorization server (e.g. https://{your domain}/oauth2/default )

The read-only Redirect URI is provided for your reference (you need it for OKTA configuration).

Enter the Client ID and Client Secret from OKTA Web app configuration

Enter the Native Client ID from OKTA Native App configuration

Retrieved from "https://wiki.yourdomain.com/index.php?title=Connect_Resco_Cloud_with_Okta&oldid=6603"