Okta configuration

Modified on Tue, 05 Sep 2023 at 02:13 PM

In Mail & Deploy Management Console


Create a new Identity Provider




GENERAL

NAME: M&D's internal name for the Identity Provider

DOMAIN: Your Okta domain (without https://)

ISSUER: Your Okta issuer

CLIENT ID: We'll get this later

CLIENT SECRET: We'll get this later

CUSTOM SCOPES: groups (lowercase, just like the screenshot)

CALLBACK URL: includes the port if necessary, for example https://TITAN:14998/AuthenticationCallback/OpenIdConnect/Okta




CLAIMS


USER ID: leave as it is

USER NAME: name

E-MAIL ADDRESS: email

GROUPS: groups

(all lowercase, as shown in the screenshot)


GROUP MAPPING



IDP GROUP NAME: choose a name. In this example our group is MND_Admins, and its users will be Administrators in M&D.


In your Okta environment



Create an Application



with the following properties set

Sign-in method: OIDC - OpenID Connect

Application type: Web Application

Press Next



App Integration name: Choose a name for the Application

Grant type:  Implicit (hybrid)



Sign-in redirect URIs: the value in M&D Settings -> IDENTITY PROVIDERS -> OpenID Connect -> GENERAL -> CALLBACK URL

(the one that was noted before)





Controlled access: depends on your organization



Press save.


Application -> General


Fill in CLIENT ID and CLIENT SECRET in M&D OpenID Connect Identity Provider properties 




Groups



In this example we are creating a group that is called MND_Admins



Applications -> Applications -> Sign On




Groups claim type: Filter

Groups claim filter: groups     Matches regex     .*


Press save


Security -> API

Authorization Servers -> edit default



Add Scope




Claims


Name: groups

Include in token type: ID Token, Userinfo / id_token request

Value type: Groups

Include in: The following scopes: groups

Press save


Token Preview 


Test the configuration


The Preview should show the group that you created beforehand as well as all the information of the user.
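
An added example (not part of the original article and not Mail & Deploy's or Okta's own tooling): a Python check for the claims shown in Token Preview, or for an ID token from a test login, confirming it carries the name, email and groups claims mapped above and the expected group. The issuer, client ID and token below are constructed placeholders, and the script only decodes the payload for inspection; it does not verify the signature.

```python
import base64
import json

# Claim names M&D reads, per the CLAIMS settings above.
REQUIRED_CLAIMS = ("name", "email", "groups")


def decode_payload(id_token):
    """Decode a JWT payload for inspection. Does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 parts)")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_token(payload, issuer, client_id, expected_group):
    """Return a list of problems; empty means the token fits the M&D setup."""
    problems = ["missing claim: " + c for c in REQUIRED_CLAIMS if c not in payload]
    if payload.get("iss") != issuer:
        problems.append("iss does not match ISSUER")
    aud = payload.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain CLIENT ID")
    groups = payload.get("groups", [])
    if isinstance(groups, str):  # tolerate a single group sent as a string
        groups = [groups]
    if expected_group not in groups:
        problems.append("group not in groups claim: " + expected_group)
    return problems


def _b64(obj):
    """base64url-encode a dict the way JWT segments are encoded."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: placeholder issuer, client ID and signature segment.
SAMPLE_PAYLOAD = {
    "iss": "https://example.okta.com/oauth2/default",
    "aud": "0oaEXAMPLECLIENTID",
    "name": "Jane Doe",
    "email": "jane.doe@example.com",
    "groups": ["Everyone", "MND_Admins"],
}
SAMPLE_TOKEN = ".".join([_b64({"alg": "RS256"}), _b64(SAMPLE_PAYLOAD), "c2ln"])

if __name__ == "__main__":
    print(check_token(decode_payload(SAMPLE_TOKEN), SAMPLE_PAYLOAD["iss"],
                      SAMPLE_PAYLOAD["aud"], "MND_Admins") or "OK")
```

An empty result means the token matches the M&D settings; a "missing claim: groups" entry usually points back to the groups scope or claim steps above.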


In Mail & Deploy Management Console



In this example the URL to access the Management Console using Okta is:

https://SERVER:PORT/management/okta


