Configure Okta for Use with empower®

Required Permissions: IT Admin

Okta can be used as an identity provider for empower®.

To do so, it must be configured before installing the empower® Backend.

The following table provides an overview of features that can be used with Okta:

| Feature | Supported |
| --- | --- |
| User login using Okta | Yes |
| Synchronization of users and groups into empower® | Yes |
| Ad-hoc provisioning of users and groups without synchronization | Yes |
| Synchronization of additional attributes (for empower® in Word and Outlook) | No |

Set up Okta

To integrate Okta with empower® and synchronize users and groups, two applications need to be configured in Okta.

The application empower will be used to log in users. It will be a standard OpenID Connect web application.

The application empower Directory Sync will be used to synchronize users and groups into the empower® Database.

While these applications can be set up manually, it is recommended to use the PowerShell script that is provided by empower.

In particular, the application empower Directory Sync cannot be fully set up using the web user interface because a JSON Web Key Set needs to be generated.

Furthermore, using the PowerShell script will generate a .json file which can then be imported via the empower® Backend Installer to automatically configure the backend for Okta.

The PowerShell script needs to create the two applications.

This requires permissions in Okta: the script must be given an Okta API key created from an account with sufficient permissions to create and modify applications.

The API key will only be used by the script file for setting up the applications. It will not be stored and can be deleted immediately afterwards.

Note

The script can be inspected to validate that no operations other than the ones described below are performed.
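
One way to carry out that inspection, as an added example that is not part of empower's script or documentation: it parses register_empower_in_okta.ps1 without executing it and lists the commands, web requests and URL-like strings it contains. It assumes it is run in PowerShell from the unpacked folder; the list of commands flagged for review and the URL pattern are choices made for this example.

```powershell
# Added example: static review of register_empower_in_okta.ps1 before giving it an API token.
# The script is only parsed here, never executed.
$path = Join-Path (Get-Location) 'register_empower_in_okta.ps1'

# Record the hash of exactly the file that was reviewed.
Get-FileHash -Path $path -Algorithm SHA256 | Format-List Path, Hash

$tokens = $null
$errors = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile($path, [ref]$tokens, [ref]$errors)
if ($errors.Count -gt 0) {
    throw "Script does not parse cleanly: $($errors[0].Message)"
}

# 1. Every command the script invokes, with counts.
$commands = $ast.FindAll({ param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $true)
$commands |
    ForEach-Object { $_.GetCommandName() } |
    Where-Object { $_ } |
    Group-Object | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 2. Web requests, process starts and dynamic code execution, with line numbers.
#    (The selection of command names is an assumption of this example.)
$review = 'Invoke-RestMethod', 'Invoke-WebRequest', 'irm', 'iwr',
          'Invoke-Expression', 'iex', 'Start-Process'
$commands |
    Where-Object { $review -contains $_.GetCommandName() } |
    ForEach-Object { '{0,5}: {1}' -f $_.Extent.StartLineNumber, $_.Extent.Text }

# 3. String literals that look like URLs or API paths, to see which hosts
#    and endpoints the script can reach.
$ast.FindAll({
        param($n)
        $n -is [System.Management.Automation.Language.StringConstantExpressionAst] -or
        $n -is [System.Management.Automation.Language.ExpandableStringExpressionAst]
    }, $true) |
    Where-Object { $_.Value -match 'https?://|/api/' } |
    ForEach-Object { '{0,5}: {1}' -f $_.Extent.StartLineNumber, $_.Value } |
    Sort-Object -Unique
```

Commands whose name is computed at run time do not appear in the first list, so any `&` or `.` invocation in the script still needs to be read by hand.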

Step-by-Step Guide

To configure Okta, follow these steps:

  1. In Okta, log in with a user that has the required permissions.

  2. Navigate to the section Security > API.

  3. Open the tab Token.

  4. Click on the button Create Token.

  5. Download the required script from the following link:

    Download Script for Okta

  6. Unpack the downloaded .zip folder.

    The unpacked folder contains the file register_empower_in_okta.ps1.

  7. Start PowerShell in the unzipped folder.

  8. Execute the script register_empower_in_okta.ps1.

  9. Specify the Okta Domain.

    The Okta Domain can be found under the profile in Okta.

  10. Enter the API token which you have created in step 4.

  11. If groups should be synced, confirm with Y in PowerShell and specify the public host name.

    If groups should not be synced, confirm with N in PowerShell.

    In this case, only the users defined in Okta for the application will be synced.

After the execution of the script, the file empower_okta_configuration.json is generated in the same folder in which you have executed the script.

This file is required for the installation of the empower® Backend.

Important

Make sure to store the configuration file empower_okta_configuration.json securely.

In addition, send it to empower® Support.

Note

If you are hosting in the empower® Cloud, empower® Support will take care of the backend installation.

If you are not hosting in the empower® Cloud, continue with the installation of the empower® Backend.

Note

The user interface in the Okta Portal may change at any time. If you are unsure about an aspect, refer to the Okta documentation.

To make sure only users who use empower® are synchronized to empower®, the users or user groups need to be assigned to the application empower Directory Sync.

To do so, follow these steps in Okta:

  1. Navigate to the tab Directory.

  2. Choose the section People.

  3. Choose the user or user group you want to assign to the application.

  4. Click on the button Assign Applications.

  5. Assign the application empower Directory Sync.

  6. Repeat this process for all users who will work with empower®.

Configure Okta in Backend Installer

After the Okta configuration via the script, the .json file empower_okta_configuration.json can be imported via the empower® Backend Installer.

To do so, execute the empower® Backend Installer.

Follow the steps in the installer. You will need to upload the file empower_okta_configuration.json twice during the installation.

Note

You only need to perform the backend installation yourself if you are not hosting in the empower® Cloud.

If you are hosting in the empower® Cloud, empower® Support will take care of the backend installation.

For further information regarding the empower® Backend Installer, see Install the empower® Backend (Version >= 9.7).
