IdP Setup: Okta

What

Starting with FileWave Version 14.2.0, we can use Okta for authentication from FileWave. We must create a new application in the Okta Portal and give FileWave access to it. 

When/Why

This configuration is required if you want to use Okta for authentication during device enrollment or during login to the FileWave Web and Native administrator consoles.

How

Okta Admin UI
The UI may look different depending on if you are using a Trial Okta organization or the regular, non-Trial version of the Okta.

Part 1: Login to the Okta Admin Portal

Okta Admin Portal

Begin by logging in to the Okta Admin Portal with an administrator's account. (https://example-admin.okta.com/admin)

Part 2: Create an Okta Application in the Okta Admin Portal

Create an Okta Application Integration in Okta Admin Portal

Now we are going to create an Okta application for FileWave to talk to and assign some rights to it.

First, open the Okta Admin > Menu > Applications > Applications menu and click the Add Application button. Next, click the Create New App button to open the Create a New Application Integration dialog.

Select Web for the Platform type. Check the OpenID Connect radio button. Click the Create button. Next, configure your Application on the Create OpenID Connect App Integration page.

Input a meaningful name in the Application name field. Click the Add URI button for the Login redirect URIs setting.

Paste and input all the FileWave Server redirect URIs in the Login redirect URIs setting.

If you do not know your redirect URIs then just put some placeholder URI for now and it can be edited later.

Login Redirect URIs for FileWave are displayed in the FileWave Web Admin Settings. 
Login Redirect URIs will look something like the following:
https://fwxserver.example.com:443/api/auth/login_via_idp_redirect
https://fwxserver.example.com:443/api/auth/login_via_idp_redirect_for_native 
https://fwxserver.example.com:443/api/auth/login_via_idp_redirect_for_device 

Click the Save button to create the Okta App integration.

Part 3: Configure the Okta App in FileWave

Assign Okta Users and/or Groups to the Okta App Integration

Now we are going to configure the Okta App to connect with FileWave.

First, open the Okta Admin > Menu > Applications > Applications menu and select the Okta App that was created. On the Okta App > Assignments tab, click the Assign button to assign the App to specified Okta Users and/or Groups.

Configure an Okta App in the FileWave Web Admin Console

In order for FileWave to communicate with Okta for authentication the Okta App will need to be configured with FileWave.

Begin by logging into the FileWave Web Admin and open the Settings button (gear icon in the header). 

Open the Identity Provider menu in the FileWave Web Admin Settings

On the Identity Provider menu, click the Okta button or New Identity Provider button in the top right.

Select Okta in the IDP Type dropdown. Input a meaningful name in the Name field. Input the Okta Client ID value in the Client ID field.

Okta Client ID

Open the Okta Admin > Menu > Applications > Okta App > General tab and copy the Client ID value to a secure location.

Input the Okta Client Secret value in the Client Secret field.

Okta Client Secret

Open the Okta Admin > Menu > Applications > Okta App > General tab, click the "reveal" button for the Client Secret, and copy the Client Secret value to a secure location.

Input the Okta API Token value in the API Token field.

Okta API Token

Open the Okta Admin > Menu > Security > API menu and open the Tokens tab.

Click the Create Token button in the Tokens tab. Input a meaningful name in the API token's Name field. Click the Create Token button in the Create Token dialog and copy the API token and store it in a secure location.

Okta API tokens are only displayed to be copied once, make sure to store this token somewhere secure for use in the future.

Input the Okta Domain in the Domain field. The value in FileWave should not be saved with the "https://" portion.

Okta Domain

Open the Okta Admin > Menu > Applications > Okta App > General tab and copy the Domain value to a secure location.

Select the Organization authorization server radio button unless you have setup a custom authorization server. Check the Enrollment checkbox if you want to use this Okta App authentication for FileWave Device enrollment.

Only one Identity Provider can be configured for FileWave Device Enrollment authentication.

Check the Admin checkbox if you want to use this Okta App for FileWave Native and Web Admin console authentication.

Only one Identity Provider App instance (Okta, Azure AD, etc.) can be configured with the Admin authentication for each type of Identity Provider.

Click the Create / Save button in the Identity Provider card.

Login Redirect URLs

 In order for Okta authentication to redirect back to FileWave the Login Redirect URLs will need to be configured in the Okta App.

Start by opening the FileWave Web Admin > Settings > Identity Provider menu. Create or Edit a configured Okta Identity Provider card. Click the Get URLs button to display the dialog showing the Login Redirect URLs.

Next, login to the Okta Admin Portal and open the Okta Admin > Menu > Applications > Applications menu Select the Okta App that was created that needs the Login Redirect URIs modified. Open the General tab for the Okta App and click the Edit button in the "General Settings" section.

Copy the Login Redirect URLs from the FileWave Web Admin > Settings > Identity Provider > Okta App and paste all the Login Redirect URIs in their own rows.

Click the Save button in the "General Settings" for the Okta App.

Part 4: Configuring and Authenticating with Okta Users

Configure an Okta Identity Provider for Authentication

An Okta App will need to be configured in the FileWave Identity Provider settings for use with FileWave Device enrollment and/or FileWave Admin authentication.

Begin by logging into the FileWave Web Admin and open the Settings button (gear icon in the header). Click the Edit button on the Okta App card that will be used for authentication. Check the Enrollment checkbox if you want to use this Okta App authentication for FileWave Device enrollment.

Only one Identity Provider can be configured for FileWave Device Enrollment authentication.

Check the Admin checkbox if you want to use this Okta App for FileWave Native and Web Admin console authentication.

Only one Identity Provider App instance (Okta, Azure AD, etc.) can be configured with the Admin authentication for each type of Identity Provider.

Click the Save button on the Okta App to confirm any authentication changes.

Configure FileWave Admin IdP Groups

FileWave Admin IDP Groups will need to be created in order to use the Okta App for authentication with the FileWave Native or Web Admin console. See: Adding IdP Groups for FileWave Authentication

Authenticate with Okta during FileWave Device Enrollment

Once the Enrollment checkbox is set for an IDP configuration then the Okta App can be used for authentication during FileWave Device enrollment. See: Configuring DEP Profiles for IDP Authentication

Login with Okta for FileWave Native or Web Admin Console

Once FileWave Admin IDP Groups are created for an Okta App the Login with Okta option can be used with the FileWave Native or Web Admin console for authentication. See: Admin Login in Using an IdP Provider

Related Content

IdP Setup: Azure AD Adding IdP Groups for FileWave Authentication Adding IdP Groups for FileWave Authentication Admin Login in Using an IdP Provider