Skip to content

rConfig - SSO with Okta

2 mins V7 Pro
Identity ProviderrConfig VersionTested
Okta7.0.5Yes

To setup Okta SSO Sign in, you will need to configure your Identity Provider and rConfig. The steps below will guide you through the process. You can also watch the tutorial video below.

Play

2. Configure your Okta Identity Provider

Section titled “2. Configure your Okta Identity Provider”

2.1. Create a new application for Okta

Section titled “2.1. Create a new application for Okta”

Okta configuration

  1. Create the app

    In the Okta portal click on “Applications > Create App Integration”

When the wizard launches select “OIDC - OpenID Connect” and “Web Application” click on “Next”

Fill out the form with the following details:

  • Choose a name for your application
  • Check the box for “Authorization Code” and Refresh Token
  • Add the following redirect URI: https://YourrConfigServerFqdn.domain.com/auth/callback/okta
  • Sign-out redirect URIs: https://YourrConfigServerFqdn.domain.com
  • Choose your assignments in the “Assignments” section
  • Click on “Save”

When the web application is created, you will be taken to the application settings page. Click on the Assignments tab and assign the users or groups that you want to have access to rConfig.

  1. Edit the rConfig .env file, located at /var/www/html/rconfig7/current/.env and add or edit the following lines :

    Terminal window
    OKTA_BASE_URL=https://YourFqdn.domain.com (Okta Domain)
    OKTA_CLIENT_ID=your_client_id(Application (client) ID )
    OKTA_CLIENT_SECRET=your_client_secret (Secret Value)
    OKTA_REDIRECT_URI=https://YourFqdn.domain.com/auth/callback/okta

    You can get the client id and secret from the Okta application settings page. The Okta domain is the URL of your Okta instance, which can be retrieved from the Okta dashboard. Go to Security > API > Authorization Servers and copy the “Issuer URI” value. Copy just the hostname part of the Issuer URI field (without the /oauth2/default part) - this is your Okta Base URL (it looks like https://)

    Save the file, exit and run the following command

    Terminal window
     php artisan rconfig:clear-all

If everything is setup correctly, a new login button will appear on the login page. See the screenshot below.

Users are not automatically granted access to the application by default when they sign in using SSO. They will need to be approved before they can login to rConfig. See the User Management section for more information. They will get the error below until they area approved by an admin. They will also need a role assigned to them to access the application.

SSO Login Error

Please check out our YouTube video on this topic.