This documentation relates to QuickBuild 12.0.x

Single Sign-On with Okta (OpenID)

Version 3 by Robin Shen on Jan 11, 2022 06:46, compared with Current by Robin Shen on Jan 11, 2022 06:51.

 h1. Purpose
  
 This tutorial demonstrates how to set up QuickBuild to authenticate via [Okta|https://okta.com] using the OpenID protocol
  
 h1. Basic Setup
  
 # Make sure your QuickBuild instance is publicly accessible, and configure the public server url in system setting:
 !server-url.png!
 # Log in to Okta and add an application integration with the sign-in method set to OIDC and the type set to web application
 !add-app.png!
 # Continue to set up the application and specify the sign-in redirect url as below:
 !redirect-url.png!
 For the assignment option on this page, use _Allow everyone in your organization to access_ for simplicity
 # Save the application and copy out the client id and client secret to be used later:
 !client-id.png!
 # From the Okta menu, select Security/API to display authorization servers. Copy out the issuer url of the default server to be used later:
 !issuer-url.png!
 # At QuickBuild side, set up SSO via OpenID like below. Copy the issuer url, client id and client secret from Okta. Specify _Groups Claim_ as _groups_
 !openid-sso-provider.png!
 # Save the provider, and sign out of QuickBuild. Visit QuickBuild again *via the public url*, and you should be able to log in via Okta
 !sso-login.png!
  
 h1. Authorize Users Based On Okta Group Membership Information
  
 Now we continue to set up Okta to send group membership information so that users can be authorized with appropriate permissions
  
 # Visit the detail page of the default authorization server we saw before, switch to the scopes tab and add a scope named _groups_ with default options:
 !group_scope.png!
 # Switch to the claims tab and add a claim named _groups_ to be included in the ID token and the groups scope like below:
 !groups_claim.png!
 # At QuickBuild side, switch to the group management page, add the necessary Okta groups (same name) and assign appropriate permissions
  
 Now users signed in via Okta will be authorized with permissions available in corresponding groups
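
 To confirm the setup end to end, the claims of an ID token can be compared with the values entered above. The following is an added example, not code from QuickBuild or Okta: the function names, issuer url, client id and group names are constructed placeholders, and exact (case-sensitive) group name matching is an assumption. It checks configuration only and does not verify the token signature.

```python
import base64
import json

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_id_token(token, issuer, client_id, quickbuild_groups, groups_claim="groups"):
    """Return (matched_groups, problems). The signature is NOT verified here;
    this only checks that the claims agree with the setup described above."""
    parts = token.split(".")
    if len(parts) != 3:
        return [], ["not a compact JWT (expected three dot-separated segments)"]
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:
        return [], ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return [], ["payload is not a JSON object"]
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the issuer url configured in QuickBuild")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the client id")
    groups = claims.get(groups_claim)
    if groups is None:
        problems.append("no '%s' claim: check the scope and claim on the authorization server" % groups_claim)
        groups = []
    elif not (isinstance(groups, list) and all(isinstance(g, str) for g in groups)):
        problems.append("'%s' claim is not a list of strings" % groups_claim)
        groups = []
    # Assumption: group names are compared exactly (case-sensitive).
    unmatched = sorted(set(groups) - set(quickbuild_groups))
    if unmatched:
        problems.append("no QuickBuild group named: " + ", ".join(unmatched))
    return sorted(set(groups) & set(quickbuild_groups)), problems

def make_sample_token(claims):
    # Constructed sample token with a placeholder signature (not issued by Okta).
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])

ISSUER = "https://example.okta.com/oauth2/default"  # constructed placeholder
CLIENT_ID = "constructed-client-id"                 # constructed placeholder

if __name__ == "__main__":
    token = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID, "groups": ["Everyone", "qb-admins"]})
    print(check_id_token(token, ISSUER, CLIENT_ID, ["qb-admins"]))
```

 A group reported as having no QuickBuild counterpart grants nothing until a group of the same name is added on the group management page.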