Configure OpenID Connect with OKTA

  1. Follow the steps below to set up Okta and OpenID Connect.
  2. Check OKTA for the Provider option, and for the Protocol click on OpenID Connect.
  1. Log in to your OKTA account.
  1. Click on Applications and from the drop-down select Applications.
  1. Click on Create App Integration.
  1. As shown in the figure below, check OIDC - OpenID Connect as the Sign-in Method and Web Application as the Application type, then click on Next.
  1. On the next page perform the following steps:

    • Enter an App Name in the App Integration Name section.
    • Copy the Sign-in redirect URLs from OKTA, and paste that URL into the Redirect URL field in KloudHybrid.
    • Assignments: Scroll down the page to Assignments and click on Limited access to selected groups from the Controlled Access options.
    • Selected group(s): Enter the name of the group to grant Admin access to the application created.
    • Click on Save to save the configurations.
  1. Once the Application is created successfully, the following window appears. It has detailed information for the Application.

    **a. General:**
    
        - Client Credentials: Copy the Client ID and Client Secret and enter the same values in Insights as shown in the figure below. Also, enter the name for ROLE ADMIN as shown in the figure below.
    

    NOTE: The ROLE ADMIN name is the name of the group of users in the Okta portal that will be assigned the ADMIN role once logged into the Hybrid App.

    - General Settings: Enter the same Okta domain name in the Okta domain section on the “External Authentication” page in Insights as shown in the figure above.

    - User Consent: The Require Consent option is checked by default. Deselect it if you don’t wish to require user consent to data sharing with the KloudHybrid application.

    **b. Sign-on:** Click on Sign-on.

    - OpenID Connect ID Token: Scroll down and click on Edit.
    - In the Groups claim filter section, select the Starts with option. Then type the prefix of the group to be added (e.g. Ks-). Click on Save.
  1. Finally, open KloudManage. In the role mapping section, add the same name as in the OKTA group (e.g. Ks-admin). Additionally, you can set the following settings in the “Role Mapping” section.

    • Default Role: This is the role/permission set that SSO users will be assigned by default the first time they log in (unless other role mappings apply). The default system configuration for this is ROLE_USER, which will give all SSO users user permissions by default.
    • ROLE_MANAGER: If you have configured a specific group in OKTA that you would like to assign manager permissions, set this field. See the User & Permission Management section for additional details.
    • ROLE_ADMIN: If you have configured a specific group in OKTA that you would like to assign admin permissions, set this field. See the User & Permission Management section for additional details.
    • ROLE_USER: If you have configured a specific group in OKTA that you would like to assign user permissions, set this field. See the User & Permission Management section for additional details.
    • ROLE_CUSTOM: If you have configured a specific group in OKTA that you would like to assign a custom role, set this field. See the User & Permission Management section for additional details.
    • ROLE_XXXX: If you have configured a specific group in OKTA that you would like to assign a specific role, set this field. XXXX represents the role name to be added. See the User & Permission Management section for additional details.
  1. Click on Save. This allows you to log in to KloudHybrid with OKTA OpenID Connect with a single click.
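
The Groups claim filter and the Role Mapping settings described above can be checked together offline before saving. The following Python sketch is an added example, not KloudHybrid or Okta code; the `groups` claim name, the exact-match comparison, the function names and the `Ks-manager` group are assumptions made for illustration.

```python
# Added illustration of prefix-filtered groups resolving to application roles.
# Claim name, matching rules and sample values are assumptions, not product code.
GROUP_PREFIX = "Ks-"          # "Starts with" value from the Sign-on step
DEFAULT_ROLE = "ROLE_USER"    # Default Role from the Role Mapping section

# Role Mapping section: role name -> Okta group name (constructed sample values)
ROLE_MAPPING = {
    "ROLE_ADMIN": "Ks-admin",
    "ROLE_MANAGER": "Ks-manager",
}


def filter_groups_claim(user_groups, prefix=GROUP_PREFIX):
    """Okta side: only groups whose name starts with the prefix reach the ID token."""
    return [g for g in user_groups if g.startswith(prefix)]


def resolve_roles(id_token_claims, role_mapping=ROLE_MAPPING, default_role=DEFAULT_ROLE):
    """Application side: map the 'groups' claim to roles, else use the default role."""
    groups = id_token_claims.get("groups", [])
    if isinstance(groups, str):       # tolerate a single group sent as a string
        groups = [groups]
    # Exact, case-sensitive comparison: "ks-admin" or "Ks-admins" must not match.
    roles = sorted(role for role, group in role_mapping.items() if group in groups)
    return roles or [default_role]


def audit_mapping(role_mapping=ROLE_MAPPING, prefix=GROUP_PREFIX):
    """Return mapped groups that the prefix filter would strip from the token."""
    return sorted(g for g in role_mapping.values() if not g.startswith(prefix))


if __name__ == "__main__":
    # Constructed sample users and their Okta group memberships
    users = {
        "alice": ["Everyone", "Ks-admin"],
        "bob": ["Everyone", "Finance"],
    }
    for name, memberships in users.items():
        claims = {"sub": name, "groups": filter_groups_claim(memberships)}
        print(name, claims["groups"], resolve_roles(claims))
    print("unreachable mappings:", audit_mapping({"ROLE_ADMIN": "Admins"}))
```

A non-empty result from `audit_mapping` means a role is mapped to a group name that the prefix filter never places in the token, so that role could not be granted through SSO.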