Verify the version of Windows Server
...
Info |
---|
2024.04.22 Note that the Kantega SSO app referred to in Configure Okta is not yet available. The app will be available as soon as the documentation is approved by Okta. |
1. Display name
Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This value can be changed later.
...
2. Redirect Mode
Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.
...
3. Prepare IDP
Copy and save the Callback URL for later. You will need this when configuring AD FS or Okta.
...
Configure
...
Okta
On your AD FS server (Windows Server 2016 TP4 or later), open the AD FS Management console. Select Add Application Group.
Give the app a name and select Server application accessing a web API.
...
Copy the Client Identifier value. You will need this ID later.
Add the Callback URL from the Kantega SSO wizard into the list of Redirect URIs.
...
Select Configure Application Credentials and generate a shared secret. Copy the shared secret; you will use it later.
...
Add your site’s URL in the Identifier list (in our example https://jira-test.example.com/).
...
Select Permit everyone in Choose an access control policy.
...
Leave openid as the only entry under Permitted scopes, which is the default.
...
Verify everything looks correct on the summary screen.
...
Info |
---|
If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up OIDC. |
Log in to Okta as an admin user.
Go to Applications → Applications in the menu and choose Browse App Catalog.
...
Search for Kantega and then select Kantega SSO.
...
Then click Add integration.
...
Enter an appropriate Application label in General Settings.
...
Click Next.
Select OpenID Connect (OIDC) as Sign on method.
Copy (right click) and keep the URL from the link: OpenID Provider Metadata. You will need this in a later step of the Identity Provider setup in KSSO.
Take the Callback URL you copied in the Kantega SSO identity provider setup (step Prepare IDP) and paste it into the field OIDC Redirect URL.
...
Press Done.
Select the Assignments tab. Assign your integration to users or groups.
...
Select the Sign on tab. Copy and keep the Client ID and Client secret for later use. You will need these in a later step in the Identity Provider setup in KSSO.
...
Go back to the Kantega SSO setup wizard, step 3 Metadata.
...
4. Metadata
In the Metadata step, paste the URL you copied from the link OpenID Provider Metadata into IDP Discovery URL. For AD FS, you enter the AD FS host to complete the IDP Discovery URL.
...
...
5. Scopes
These are the scopes we were able to fetch from the metadata. You can add scope values from a list, start typing to add your own or unselect them. A minimum of one scope value is required.
...
...
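A sanity check on the provider metadata behind the Metadata and Scopes steps, written as an added example (not Kantega or Okta code): it checks that the document's issuer matches the discovery URL, that the endpoints use HTTPS, and that the selected scopes include openid and are advertised. The tenant example.okta.com, the function name and the metadata values are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample metadata; example.okta.com is a placeholder tenant.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile", "email"],
})

def check_metadata(discovery_url, metadata_json, requested_scopes):
    """Return a list of problems found; an empty list means the checks passed."""
    problems, meta = [], json.loads(metadata_json)
    issuer = meta.get("issuer", "")
    url = urlsplit(discovery_url)
    # OIDC Discovery: the document is served from issuer + well-known path.
    # Any query string on the discovery URL is ignored in the comparison.
    if issuer.rstrip("/") + WELL_KNOWN != f"{url.scheme}://{url.netloc}{url.path}":
        problems.append("issuer does not match discovery URL")
    if urlsplit(issuer).scheme != "https":
        problems.append("issuer is not https")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(meta.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    if "code" not in meta.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    if "openid" not in requested_scopes:
        problems.append("openid scope not requested")
    advertised = set(meta.get("scopes_supported", []))
    unsupported = set(requested_scopes) - advertised
    if advertised and unsupported:
        problems.append("scopes not advertised: " + ", ".join(sorted(unsupported)))
    return problems

if __name__ == "__main__":
    url = "https://example.okta.com" + WELL_KNOWN
    print(check_metadata(url, SAMPLE_METADATA, ["openid", "email"]) or "metadata OK")
```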
6. Credentials
Paste the Client ID and Client Secret you kept from the Okta App Sign On settings earlier (for AD FS, the Client Identifier and Client Secret you copied from the AD FS Management console earlier) and click Next.
...
7. Summary
Check that everything looks good and submit your setup.
...
Test
Test that logging in with AD FS or Okta works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.
...