How do I configure Okta for authentication and user management in Mail & Deploy?

Modified on Fri, 30 Aug at 1:14 PM

FIRST CREATED ON 5 Sep 2023 | AUTHOR Emma Camacho


Configuring Okta for authentication and user management in Mail & Deploy streamlines user access and enhances security. Here’s a step-by-step guide to set it up efficiently:  


1) In Mail & Deploy Management Console


Create a new Identity Provider




IN GENERAL


NAME: M&D's internal name for the Identity Provider

DOMAIN: Your Okta domain (without https://)

ISSUER: Your Okta issuer

CLIENT ID: We'll get this later

CLIENT SECRET: We'll get this later

CUSTOM SCOPES: groups (lowercase, just like the screenshot)

CALLBACK URL: include the PORT if necessary, for example https://TITAN:14998/AuthenticationCallback/OpenIdConnect/Okta




IN CLAIMS


USER ID: leave as it is

USER NAME: name

E-MAIL ADDRESS: email

GROUPS: groups

(all lowercase, as shown in the screenshot)



IN GROUP MAPPING



IDP GROUP NAME: choose a name. In this example our group is MND_Admins, and its users will be Administrators in Mail & Deploy.





2) In your Okta environment



Create an Application with the following properties set:


Sign-in method: OIDC - OpenID Connect

Application type: Web Application


Press Next






App Integration name: Choose a name for the Application

Grant type:  Implicit (hybrid)



Sign-in redirect URIs: the value from M&D Settings -> IDENTITY PROVIDERS -> OpenID Connect -> GENERAL -> CALLBACK URL (the one that was noted before)






Controlled access: depends on your organization



Press save.


Application -> General


Fill in CLIENT ID and CLIENT SECRET in M&D OpenID Connect Identity Provider properties 




Groups



In this example, we are creating a group that is called MND_Admins



Applications -> Applications -> Sign On




Groups claim type: Filter

Groups claim filter: groups, Matches regex, .*


Press save


Security -> API

Authorization Servers -> edit default



Add Scope




Claims


Name: groups

Include in token type: ID Token, Userinfo / id_token request

Value type: Groups

Include in: The following scopes: groups

Press save


Token Preview 


Test the configuration


The Preview should show the group that you created beforehand as well as all the information of the user.
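
A pre-flight check for the Token Preview step, added here as an example and not part of Mail & Deploy or Okta: it compares the values entered in step 1 with the payload shown in the preview. The function name, the dictionary layout and the example.okta.com values are assumptions constructed for illustration.

```python
import json

def check_okta_setup(md, okta_redirect_uris, preview_json):
    """Compare the M&D Identity Provider fields with Okta's Token Preview payload.

    Hypothetical helper: `md` mirrors the fields from step 1, it is not an M&D API.
    Returns a list of human-readable mismatches (empty list means consistent).
    """
    problems = []
    claims = json.loads(preview_json)
    if "://" in md["domain"]:
        problems.append("DOMAIN must be entered without https://")
    if claims.get("iss") != md["issuer"]:
        problems.append("ISSUER does not match the token's iss claim")
    # Exact string comparison: a missing port or a different path is a mismatch.
    if md["callback_url"] not in okta_redirect_uris:
        problems.append("CALLBACK URL is not among Okta's sign-in redirect URIs")
    if "groups" not in md["custom_scopes"]:
        problems.append("CUSTOM SCOPES must contain 'groups' (lowercase)")
    # Every claim name mapped in the CLAIMS tab has to exist in the token.
    for field, claim_name in md["claims"].items():
        if claim_name not in claims:
            problems.append(f"{field}: claim '{claim_name}' missing from token")
    groups = claims.get(md["claims"]["GROUPS"], [])
    if not isinstance(groups, list):
        problems.append("groups claim is not a list")
        groups = []
    for name in md["idp_groups"]:
        if name not in groups:
            problems.append(f"IDP GROUP NAME '{name}' not in the token's groups")
    return problems

# Constructed sample values; replace them with your own tenant's settings.
MD_SETTINGS = {
    "domain": "example.okta.com",
    "issuer": "https://example.okta.com/oauth2/default",
    "callback_url": "https://TITAN:14998/AuthenticationCallback/OpenIdConnect/Okta",
    "custom_scopes": ["groups"],
    "claims": {"USER NAME": "name", "E-MAIL ADDRESS": "email", "GROUPS": "groups"},
    "idp_groups": ["MND_Admins"],
}
OKTA_REDIRECT_URIS = ["https://TITAN:14998/AuthenticationCallback/OpenIdConnect/Okta"]
# Constructed payload in the shape of the Token Preview output.
PREVIEW = json.dumps({"iss": "https://example.okta.com/oauth2/default", "sub": "00u1",
                      "name": "Test Admin", "email": "admin@example.com",
                      "groups": ["Everyone", "MND_Admins"]})

if __name__ == "__main__":
    print(check_okta_setup(MD_SETTINGS, OKTA_REDIRECT_URIS, PREVIEW) or "configuration consistent")
```
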



3) In Mail & Deploy Management Console



In this example, the URL to access the Management Console using Okta is:

https://SERVER:PORT/management/okta



Looking for Additional Guidance?


If you require more detailed information or further assistance, please visit our comprehensive Online Documentation. Our resources are designed to help you navigate all features and functionalities effectively.



