Configuring Okta in CITSmart

This authentication method allows you to use the Okta features to authenticate users of your organization in a CITSmart instance. This document explains the steps in configuring this method. To learn more about Okta, visit okta.com.

Before getting started

The configuration of this solution is a multi-phase process; the first step is the creation of an Okta account.

Procedure

1st step: Create an Okta account

1. Access the site https://www.okta.com;
2. Click on "Try Okta" and then on "Sign up today";
3. Enter the essential data (e-mail, name, and last name);
4. Click on "Get Started" to complete the operation. Then check the registered e-mail (an access link will be sent to it), access the account with the temporary password sent, and change it for greater data security.

2nd step: Create the CITSmart application within Okta

1. After completing the previous step, connect to Okta with your newly created account;
2. Click on the "Applications" tab and then on "Add Application";
3. Click on "Create New App";
4. Select the option "SAML 2.0" and then click on "Create";
5. In the "App name" field, add the name of the application, and then click on "Next";
6. Configure the application path and then click on "Next".

   ⚠️ Attention! In the "Single sign on URL" and "Audience URI (SP Entity ID)" fields, the URL addresses on which the CITSmart application will be executed should be included.

7. Select the options "I'm an Okta customer adding an internal app" and "This is an internal app that we have created". Then, click on "Finish".

3rd step: Assign users to Okta's CITSmart application

1. After completing the previous step, click on the "Applications > Applications" tab and then on "Assign Applications" and choose the filter called "People";
2. Then choose the user who will be allowed to access the application that is being created. Click on "Assign" and then, to finish, click on "Done".

4th step: Include the required information in the CITSmart configured on Okta

1. You will need to configure some data in the WildFly directory. Access the directory, open the "/standalone/configuration" folder and change the file "citsmart.cfg".
2. When accessing the file, you need to include this information in the file "citsmart.cfg":
   a) In the lines saml2 host and saml2 port, include the address and port of the CITSmart application;
   b) In the line saml2 metadata, include the SAML metadata of Okta. This data can be obtained by following the instructions below: access the CITSmart application in Okta, click the "Applications > Applications" tab, and then on "Sign On". When you click on the "Identity Provider metadata" option, a new tab will open with the metadata; copy the URL from the browser and insert it in the property saml2 metadata;
   c) In the line okta url, include the main URL of the Okta account;
   d) In the line okta token, include the token used for access through the API. To get this token, follow these steps: access the CITSmart application in Okta, select the "Security > API" menu, and then click on "Create Token". Name the token and click on "Create Token". The token value will be presented, to be copied to the line quoted above;
   e) In the line okta domain alias, include the domain of users coming from Okta.

5th step: Synchronize Okta users on CITSmart

1. Within CITSmart, access the "Okta Config" menu and register a new configuration by clicking on "New";
2. Complete the fields with the necessary information:
   - Description: introduce a definition of this new Okta setting;
   - Alias: include the user domain that will be saved to the database. Example: okta\administrador@citsmart.com;
   - URL Domain: should include the same value (URL) that was entered in the line okta url in the "citsmart.cfg" file;
   - Token API: include the same value of the token inserted in the line okta token in the file "citsmart.cfg";
   - Group: insert the ID of the group to which the synchronized and registered user will belong in CITSmart;
   - Access Profile: insert the ID of the profile to which the synchronized and registered user will belong in CITSmart;
   - Application ID: include the application ID. This information can be retrieved from the Okta URL, as shown below.
3. Click on "Save" and then on "Synchronize Users" to perform the operation.

6th step: Configure the logout

Since Okta does not have a logout screen, in parameter 377 of CITSmart we can insert a page address to which the user is redirected at the end of the session. Set up the logout link also at the address (Admin > Settings > Customization > Sign Out Page), then check the "Use the custom sign out page" option. Then enter the URL (https://localhost:8443/citsmart/saml/logout) with the appropriate adaptations (host and port), according to the image below.

🖊 Note: When logging out in CITSmart, do not log out from Okta, since users may have other applications in the Okta session. In contrast, if you log out of Okta, the user session in CITSmart will be removed.

What to do next

Once the Okta integration with CITSmart is complete, some CITSmart parameters can be configured to better customize this integration. They are:

- Parameter 445 (Name of the administrator group in Okta): allows you to choose the administrator group in the Okta solution. If the user belongs to this chosen group, he/she will have the access profile defined as administrator. If this is not the case, the access profile will be the default profile defined by parameter 39.
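
A sanity check for the "citsmart.cfg" settings from the 4th step, as an added example that is not CITSmart's own code: it flags missing values, a metadata or Okta URL that is not https, and a file mode that lets other accounts read the API token. The dotted key names (saml2.host, okta.token and so on) and the key=value layout are assumptions; the page names these lines only as saml2 host, okta token, etc.

```python
import os
import stat
from urllib.parse import urlparse

# Assumed key spellings and key=value layout; the page names the lines without punctuation.
REQUIRED = ("saml2.host", "saml2.port", "saml2.metadata",
            "okta.url", "okta.token", "okta.domain.alias")
HTTPS_KEYS = ("saml2.metadata", "okta.url")

# Constructed sample: plain-http metadata URL and an empty token.
SAMPLE = """\
saml2.host=citsmart.example.com
saml2.port=8443
saml2.metadata=http://example.okta.com/app/APP_ID_PLACEHOLDER/sso/saml/metadata
okta.url=https://example.okta.com
okta.token=
okta.domain.alias=okta
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props, mode=None):
    """Return findings for the settings and, if given, the file's permission bits."""
    findings = [f"{k}: missing or empty" for k in REQUIRED if not props.get(k)]
    for key in HTTPS_KEYS:
        url = urlparse(props.get(key, ""))
        if props.get(key) and (url.scheme != "https" or not url.hostname):
            findings.append(f"{key}: not an https URL")
    port = props.get("saml2.port", "")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append("saml2.port: not a valid TCP port")
    # okta.token is an API credential stored in plaintext, so only the owner should read it.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode: accessible by group or others")
    return findings

def audit_file(path):
    """Audit a citsmart.cfg on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit(parse_cfg(fh.read()), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print("\n".join(audit(parse_cfg(SAMPLE), 0o644)))
```

Run `audit_file` against the real file under the WildFly "/standalone/configuration" folder after editing it; an empty list means none of these checks fired.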