DNN OAuth Single Sign-On (SSO) with Okta as OAuth Provider

DNN OAuth Single Sign-On (SSO) authentication provider gives the ability to enable OAuth Single Sign-On for your DotNetNuke site. Using Single Sign-On you can use only one password to access your DotNetNuke site and services. Our authentication provider is compatible with all the OAuth compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DNN and Okta considering Okta as OAuth Provider. To know more about the other features we provide for DNN OAuth Single Sign-On (SSO), click here.

Pre-requisites: Download and Installation

• Download the DNN Oauth Single Sign On authentication provider with above link.
• Upload the installation package dnn-oauth-single-sign-on_xxx_Install by going in Settings > Extension > Install Extension.
• Now under the Installed extensions tab select Authentication Systems. Here you can see the miniOrange DNN OAuth Authentication Provider.

• Just click on the pencil icon as mentioned in the image below to configure the DNN OAuth Authentication Provider.

• You have finished with the installation of the Authentication Provider on your DNN site.

Steps to configure DNN Single Sign-On (SSO) using Okta as IDP

1. Configure Authentication Provider for Setting up OAuth Single Sign-On (SSO)

• For configuring application in the authentication provider, click on the Add New Provider button in the Identity Provider Settings tab.


Select your Identity Provider

• Select Okta as Identity Provider from the list. You can also search for your Identity Provider using the search box.

2. Configure Okta as OAuth Provider

• First of all, login into your okta account using https://www.okta.com/login
• Go to the Okta Admin panel. Go to Applications -> Applications.

• You will get the following screen. Click on Create App Integration button.

• Select sign in method as the OIDC - OpenID Connect option and select Application type as web application, click on Next button.

• You will be redirected to the app details page. Enter App integration name and Sign-in redirect URIs. you will get that from miniOrange DNN OAuth plugin.

• Scroll down and you will see the Assignments section. Choose a controlled access option and uncheck the Enable immediate access with Federation Broker Mode option. Click on Save button.

• Now you will get the Client credentials and okta domain. Copy these credentials in miniorange DNN OAuth Plugin configuration on corresponding fields.

• Go to Applications tab and Click on your application.

• Select the Assignments tab.

• Click Assign and select Assign to People.
• If you want to assign the application to multiple users at the same time then select Assign to Groups [If an app is assigned to a group then, the app will be assigned to all the people in that group]

• Click Assign next to a user name.

• Click Save and Go Back.

• Click Done.

• In your Okta admin dashboard, navigate to Security -> API.

• Select your SSO application and click on the edit icon.

• Go to claims tab and select the ID token option.

• click on Add claim button.

• Give a Name to your claim/attribute and Select ID Token from the token type dropdown. Now, enter the value user.$attribute in the Value field based on the attribute you want to receive. Keep other settings as default and click on Create button.

• Follow the similar steps for all the attributes you want to see. You will have a list similar to the below one.

3. Configuring OAuth Provider

• Copy the Redirect/Callback URL and provide it to your OAuth provider.

4. Configuring OAuth Client

• Configure Client ID, Client Secret, update the endpoints if required and save the settings.

5. Test Configuration

• Now go to the Identity Provider Settings tab.
• Under the select actions click on the Test Configuration button to verify if you have configured the authentication provider correctly.

• On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.

6. Attribute Mapping

• For attribute mapping select the Edit Configuration from the select actions dropdown.
• Map email and username with Attribute Name you can see in Test Configuration window and save the settings.

You can even configure the ASP.NET OAuth Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.

Additional Resources

• ASP.NET OAuth Single Sign-On (SSO)
• ASP.NET SAML Single Sign-On (SSO)
• nopCommerce SAML Single Sign-On (SSO)
• DNN REST API Authentication
• Umbraco SAML Single Sign-On (SSO)