...
To ensure the successful operation of this plugin, it is essential to whitelist the domains or IP addresses of the host. Typically, this involves adding the IP address or domain name of your Joget application server to the whitelist. To access this section of Joget, go to Settings → General Settings and scroll down till you see API Domain/IP Whitelist section.
Figure 1: API Domain/IP Whitelist
| Name | Description | |||||||
|---|---|---|---|---|---|---|---|---|
| API Domain Whitelist (Separated by ';') | Domain whitelist to allow API calls to Joget Workflow. Separated by semicolon.
| |||||||
| API IP Whitelist (Separated by ';') | IP address whitelist to allow API calls to Joget. Separated by semicolon.
|
3. Licensed Users
Please review the Licensed Users in the License section of Joget. If you surpass the allowed user limit, you won't be able to log in to Joget following the Single Sign-On (SSO) process.
Figure 2: Licensed Users
Setting up OKTA
1. Create a OKTA Developer Account
Create Developer Account at https://developer.okta.com/signup/ and compete the signup process. For this the setup in this article, we will be using Workforce Identify Cloud Account.
Figure 13: Okta Developer Account Sign up
...
Go to your Okta developer account, and navigate to Applications > Create App Integration.
Figure 24: Okta Developer Dashboard - Creating App Integration
4. Choose SAML 2.0.
Figure 35: App Integration - SAML 2.0
...
You may click on "Do not display application icon to users" if you do not want this app to appear in Okta's end user interfaces.
Figure 46: General Settings
In the next screen, we will be required to provide SSO URL and SP Entity ID.
Figure 57: SAML Settings
Here we will need Single sign-on URL & Audience URI (SP Entity ID). Please key in the following in both the fields
...
Change Name ID format onto EmailAddress.
Figure 68: SAML Setting (General)
Scroll down to Attribute Statements (optional) and fill up the attribute mappings. The mappings are needed to identify the users that will be logging in.
Figure 79: Attribute Statements
| Info | ||
|---|---|---|
| ||
Click Add Another to create an extra attribute statements. |
...
Edit the app integration that we have just created on Okta.
Figure 810: Obtaining Metadata
Copy the Metadata URL and open it in a new window. Copy the entire content.
Figure 911: Metadata
Scroll down to look for SHA-2 cert and download certificate.
Figure 1012: Download Certificate
Figure 1113: Okta Certificate
5. Add users to App Integration
We will need to assign user(s) to the app. Navigate to Applications > Assignments > Assign.
Figure 1214: Assign Users to App
Once assigned, the selected users are now able to SSO into Joget using their identity in Okta.
...
Once the plugin in uploaded, go to Settings → Directory Manager Settings → choose SAML Service Provider Directory Manager - 8.0.0 and click Select.
Figure 1315: Select Plugin
Open the certificate with your text editor and copy the value and paste it into Joget.
Figure 1416: Paste the Cert Content
Paste the content into Metadata in Joget.
Figure 1517: Paste Metadata
| Info | ||
|---|---|---|
| ||
You may want to check on User Provisioning Enabled so that if it is the first time an user SSO into Joget, an user account would be created in Joget and the user would be able to continue to log in to Joget. |
Configure the user attributes.
Figure 1618: Configure User Attributes
...
Configure the Login Button. This login button will be shown at the Joget Login Screen to enable use to perform Single Sign On (SSO) using OKTA.
Figure 1719: Configure Login Button
Up to this point, we have successfully created app integration in Okta and configured the SAML Service Provider Directory Manager - 8.0.0 plugin in Joget.
...
| Info | ||
|---|---|---|
| ||
Login screen may differ as show below depending on the App Center but login button will be shown. |
Figure 1820: Joget Login screen
Upon clicking on the blue login button, the user will be redirected to Okta.
Figure 1921: OKTA Login Screen
Upon successfully login in Okta with your registered email you would be redirected back to Joget and will be logged in.
...