Search Results :

×

DNN OAuth Single Sign-On (SSO) with Okta as OAuth Provider


DNN OAuth Single Sign-On (SSO) authentication provider gives the ability to enable OAuth Single Sign-On for your DotNetNuke site. Using Single Sign-On you can use only one password to access your DotNetNuke site and services. Our authentication provider is compatible with all the OAuth compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DNN and Okta considering Okta as OAuth Provider. To know more about the other features we provide for DNN OAuth Single Sign-On (SSO), click here.

Pre-requisites: Download and Installation

  • Download the DNN Oauth Single Sign On authentication provider with above link.
  • Upload the installation package dnn-oauth-single-sign-on_xxx_Install by going in Settings > Extension > Install Extension.
  • Now under the Installed extensions tab select Authentication Systems. Here you can see the miniOrange DNN OAuth Authentication Provider.
  • DNN OAuth SSO - Authentication Provider
  • Just click on the pencil icon as mentioned in the image below to configure the DNN OAuth Authentication Provider.
  • DNN OAuth SSO - Authentication Provider pencil icon
  • You have finished with the installation of the Authentication Provider on your DNN site.

Steps to configure DNN Single Sign-On (SSO) using Okta as IDP

1. Configure Authentication Provider for Setting up OAuth Single Sign-On (SSO)

  • For configuring application in the authentication provider, click on the Add New Provider button in the Identity Provider Settings tab.
  • DNN OAuth SSO - add new IDP

    Select your Identity Provider

  • Select Okta as Identity Provider from the list. You can also search for your Identity Provider using the search box.
  • DNN OAuth SSO - Select identity provider

2. Configure Okta as OAuth Provider

  • First of all, login into your okta account using https://www.okta.com/login
  • Go to the Okta Admin panel. Go to Applications -> Applications.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Add App Shortcut
  • You will get the following screen. Click on Create App Integration button.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Add Application
  • Select sign in method as the OIDC - OpenID Connect option and select Application type as web application, click on Next button.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Select Methods
  • You will be redirected to the app details page. Enter App integration name and Sign-in redirect URIs. you will get that from miniOrange DNN OAuth plugin.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - callbackURL
  • Scroll down and you will see the Assignments section. Choose a controlled access option and uncheck the Enable immediate access with Federation Broker Mode option. Click on Save button.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Unchecked Box
  • Now you will get the Client credentials and okta domain. Copy these credentials in miniorange DNN OAuth Plugin configuration on corresponding fields.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - clientcredentials
  • Go to Applications tab and Click on your application.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Select App
  • Select the Assignments tab.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - assignment
  • Click Assign and select Assign to People.
  • If you want to assign the application to multiple users at the same time then select Assign to Groups [If an app is assigned to a group then, the app will be assigned to all the people in that group]
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - select assign people
  • Click Assign next to a user name.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - click on assign
  • Click Save and Go Back.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - go back
  • Click Done.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Click on Done
  • In your Okta admin dashboard, navigate to Security -> API.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Navigate to API
  • Select your SSO application and click on the edit icon.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Click on Edit
  • Go to claims tab and select the ID token option.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Select ID Token
  • click on Add claim button.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP - Add claims
  • Give a Name to your claim/attribute and Select ID Token from the token type dropdown. Now, enter the value user.$attribute in the Value field based on the attribute you want to receive. Keep other settings as default and click on Create button.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP -newclient login button setting
  • Follow the similar steps for all the attributes you want to see. You will have a list similar to the below one.
  • DNN OAuth Single Sign-On (SSO) using Okta as IDP -newclient login button setting

3. Configuring OAuth Provider

  • Copy the Redirect/Callback URL and provide it to your OAuth provider.
  • DNN OAuth SSO - DNN OAuth Redirect URL

4. Configuring OAuth Client

  • Configure Client ID, Client Secret, update the endpoints if required and save the settings.
  • DNN OAuth SSO - Configuration DNN OAuth SSO - Configuration

5. Test Configuration

  • Now go to the Identity Provider Settings tab.
  • Under the select actions click on the Test Configuration button to verify if you have configured the authentication provider correctly.
  • DNN OAuth SSO - Testing OAuth SSO
  • On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.
  • DNN OAuth SSO - Testing OAuth SSO

6. Attribute Mapping

  • For attribute mapping select the Edit Configuration from the select actions dropdown.
  • Map email and username with Attribute Name you can see in Test Configuration window and save the settings.
  • DNN OAuth SSO - DNN OAuth Attribute Mapping

You can even configure the ASP.NET OAuth Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.

Additional Resources

Need Help?

Not able to find your identity provider? Mail us on dnnsupport@xecurify.com and we'll help you set up SSO with your IDP and for quick guidance (via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com