This article teaches you how to set up Single Sign-On (SSO) authentication with Okta. The SSO can be implemented for both Web and Admin Portals.
Keep in mind that when you activate an SSO authentication, the following OfficeRnD Workplace authentication services are disabled:
The standard login with an OfficeRnD Workplace user and password
The "Reset password" links in OfficeRnD Workplace
The token for authentication is what employees receive when invited to the Members Portal.
Enable SSO with Okta
1. Open https://developer.okta.com
2. Go to Applications and Create App Integration.
3. Choose OIDC - OpenID Connect. Please note that we do not support other protocols.
4. Select Web Application and click Next.
6. Give your Okta app an appropriate name.
7. Open OfficeRnD Workplace and go to Settings > Integrations.
3. Look for SSO Authentication and click Activate.
4. Next, click Configure.
5. Copy the Return URL and paste it into the Sign-in redirect URIs field in Okta. Sign-out redirect URIs is optional but, in case you need to fill that in, please use the same URL and replace /return with /log-out.
6. In Okta, enter the following in the Base URL: https://workplace.officernd.com
7. Select the Controlled Access option from the tab called Assignment.
8. Save the Application.
9. Copy the Client ID and Secret from Okta and paste them into the respective fields in OfficeRnD Workplace.
10. Finally, enter the Discovery URL in OfficeRnD using your Okta Domain. The URL should follow this syntax:
https://okta domain value/oauth2/default/.well-known/openid-configuration.
E.g.: https://dev-8934962.okta.com/oauth2/default/.well-known/openid-configuration
Note: The Discovery URL might not be resolved with this syntax. That depends on Okta entirely. If you receive a Failed to resolve discoveryUrl message, use the following syntax:
https://okta domain value/.well-known/openid-configuration
More info on Okta's Discovery URL formatting can be found here.
11. (optional) Enable Account Activation in OfficeRnD. With this setting enabled, employees who already exist in OfficeRnD Workplace can log into the Portal without needing to be explicitly invited. If this setting is disabled, employees without prior access to the Portal will need to have it Enabled by an administrator.
12. Hit the Update button.
Admin Portal SSO
After configuring the Web Portal SSO, you can also add your Admin Portal SSO.
1. Click Configure on the SSO integration in OfficeRnD Workplace.
2. Click Activate Admin Portal SSO:
3. Copy the Return URL.
4. Open your application in Okta.
5. Edit the General Settings.
6. Under the LOGIN section and Sign-in redirect URIs, click Add URI.
7. Paste the copied Return URL.
8. Save your changes on both platforms.