DNN OAuth Single Sign-On (SSO) with Okta as OAuth Provider
DNN OAuth Single Sign-On (SSO) module gives the ability to enable OAuth Single Sign-On for your DotNetNuke site. Using Single Sign-On you can use only one password to access your DNN site and services. Our module is compatible with all the OAuth-compliant identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DNN and Okta considering Okta as OAuth Provider. To check other features we provide, click here.
Pre-requisites : Download And Installation
- Download the DNN OAuth Single Sign On module with above link.
- Extract the package and upload the extension dnn-oauth-single-sign-on_xxx_Install by going to Settings > Extension > Install Extension
1. Adding module on DNN page
- Open any of the page on your DNN site (Edit mode) and Click on Add Module.
- Search for oauthclientsso and click on the oauthclientsso. Drag and drop the module on the page where you want.
- You have finished with the Installation of the module on your DNN site.
- If you want to add module on every page of your dnn site, go to Module Settings >> Advanced Settings.
- Check the box for Display Module on All Pages and click on Update.
- Under oauthclientsso settings tab, select Okta as identity provider (IDP).
- Copy the Redirect/Callback URL and provide the same to your OAuth Provider.
- To configure DNN as a OAuth Client, you will now need to complete the DNN Configuration by configuring the Client ID and Client secret and the endpoints.
- You can refer to the table below for the endpoint and you will get Client ID & Client Secret from your Okta admin dashboard configuration as in step 2.
| Scope: | openid email profile | Authorize Endpoint: | https://{yourOktaDomain}.com/oauth2/default/v1/authorize |
| Access Token Endpoint: | https://{yourOktaDomain}.com/oauth2/default/v1/token |
| Get User Info Endpoint: | https://{yourOktaDomain}.com/oauth2/default/v1/userinfo |
| Custom redirect URL after logout:[optional] | https://{yourOktaDomain}.com/login/signout?fromURI= <your url> |
| Authorize Endpoint: | https://{yourOktaDomain}.com/oauth2/v1/authorize |
| Get User Info Endpoint: | https://{yourOktaDomain}.com/oauth2/v1/userinfo |
Note: Please try the above endpoints if you receive a 404 Server error from Okta at the time of SSO.
2. Configure Okta as OAuth Provider
- First of all, login into your okta account using https://www.okta.com/login
- Go to the Okta Admin panel. Go to Applications -> Applications.
- You will get the following screen. Click on Create App Integration button.
- Select sign in method as the OIDC - OpenID Connect option and select Application type as web application, click on Next button.
- You will be redirected to the app details page. Enter App integration name and Sign-in redirect URIs. you will get that from miniOrange DNN OAuth plugin.
- Scroll down and you will see the Assignments section. Choose a controlled access option and uncheck the Enable immediate access with Federation Broker Mode option. Click on Save button.
- Now you will get the Client credentials and okta domain. Copy these credentials in miniorange DNN OAuth Plugin configuration on corresponding fields.
- Go to Applications tab and Click on your application.
- Select the Assignments tab.
- Click Assign and select Assign to People.
- If you want to assign the application to multiple users at the same time then select Assign to Groups [If an app is assigned to a group then, the app will be assigned to all the people in that group]
- Click Assign next to a user name.
- Click Save and Go Back.
- Click Done.
- In your Okta admin dashboard, navigate to Security -> API.
- Select your SSO application and click on the edit icon.
- Go to claims tab and select the ID token option.
- click on Add claim button.
- Give a Name to your claim/attribute and Select ID Token from the token type dropdown. Now, enter the value user.$attribute in the Value field based on the attribute you want to receive. Keep other settings as default and click on Create button.
- Follow the similar steps for all the attributes you want to see. You will have a list similar to the below one.
3. Test Configuration
- After saving settings, you can see the list of applications you have configured.
- Click on Edit to update the configuration.
- Click on Test Configuration to check if the configuration is correct.
- On successful configuration, you will get Attributes Name and Attribute Values on Test Configuration window.
4. Attribute Mapping
- Go to the oauthclientsso settings >> Advanced Settings >> Attribute Mapping.
- Map email and username with Attribute Name you can see in Test Configuration window.
5. Adding Widget
- For adding the widget go to Add Widget.
- Click on Add Widget button. A button will be added on the DNN page.
You can even configure the ASP.NET OAuth Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.
Additional Resources
- ASP.NET OAuth Single Sign-On (SSO)
- ASP.NET SAML Single Sign-On (SSO)
- nopCommerce SAML Single Sign-On (SSO)
- DNN REST API Authentication
- Umbraco SAML Single Sign-On (SSO)
Need Help?
Not able to find your identity provider? Mail us on dnnsupport@xecurify.com and we'll help you set up SSO with your IDP and for quick guidance (via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.
Need Help? We are right here!
