Jump to content

Connect Resco Cloud with Okta

From Resco's Wiki
Warning Work in progress! We are in the process of updating the information on this page. Subject to change.

Resco Cloud supports Okta authorization.

Prerequisites

  • To set up Okta authorization, you need Resco Cloud version 15.1 or higher.
  • To use Okta authorization, the app also must be updated to version 15.1 or higher.

Okta configuration

Log in to the Okta admin console as an administrator and set up app integrations for the web app and native apps, as well as an authorization server for Resco Cloud.

Web apps

  1. In the Admin Console, go to Applications > Applications.
  2. Click Create App Integration.
    • As Sign-in method, select OIDC - OpenID Connect.
    • As Application type, select Web Application.
    • Click Next.
  3. Set up the new app integration:
    • As App integration name, enter a name for your app integration, for example "resco cloud web app".
    • As Grant type, select Refresh Token.
    • As Sign-in redirect URIs, enter https://<your_server_name>/Authenticate.aspx/ADFS.
    • As Sign-out redirect URIs, enter https://<your_server_name>.
  4. Save all changes.

Native apps

  1. In the Admin Console, go to Applications > Applications.
  2. Click Create App Integration.
    • As Sign-in method, select OIDC - OpenID Connect.
    • As Application type, select Native Application.
    • Click Next.
  3. Set up the new app integration:
    • As App integration name, enter a name for your app integration, for example "resco cloud native apps".
    • As Grant type, select Refresh Token.
    • As Sign-in redirect URIs, enter https://www.resco.net/oauth.html.
  4. Save all changes.

Authorization server

  1. In the Admin Console, go to Security > API.
  2. On the Authorization Servers tab, either modify the default authorization server or click Add Authorization Server to add a new one.
    • As Name, enter a name for authorization server, for example "resco cloud auth server".
    • As Audience, enter https://resco.net/rescocloud.
  3. Go to the Claims tab and click Add Claim:
    • As Name, enter upn.
    • As Include in token type, select "ID Token" and "Always".
    • As Value type, select "Expression".
    • As Value, enter user.email.
    • Click Create.
  4. Add another claim:
    • As Name, enter uid.
    • As Include in token type, select "ID Token" and "Always".
    • As Value type, select "Expression".
    • As Value, enter user.id.
    • Click Create.

Connect Resco Cloud to Okta

  1. Sign in to the Resco Cloud management console using a System Administrator user account.
  2. Start the Resco Cloud Admin Console.
  3. Select Settings > Organization from the menu to edit the properties of your organization.
  4. In the Identity provider line, click Connect...
  5. Select OKTA.
  6. As Metadata URL, enter the URL of your Okta authorization server (e.g., https://{your domain}/oauth2/default).
  7. The read-only Redirect URI is provided for your reference (you need it for Okta configuration).
  8. Enter the Client ID and Client Secret from Okta web app configuration.
  9. Enter the Native Client ID from Okta native apps configuration.
  10. Click Connect Now to validate the configuration and save it.
Retrieved from "https://wiki.yourdomain.com/index.php?title=Connect_Resco_Cloud_with_Okta&oldid=6613"