Search Results :

×

Joomla OAuth Client Integration with Okta Single Sign-On (SSO)


Set up Single Sign-On (SSO) on your Joomla site via Okta OAuth provider with the help of Joomla OAuth & OpenID Connect plugin. Integrating Okta Single Sign-On (SSO) into Joomla using OAuth 2.0 authentication protocol allows your users to securely login into your Joomla websites and applications by authenticating with Okta OAuth provider. The Okta OAuth Joomla plugin also provides advanced features such as, Auto create users, Attribute Mapping, Group Mapping etc.

Visit our Joomla OAuth Client Plugin page to learn more about the features and Pricing plans we offer for the Joomla OAuth Single Sign-on (OAuth & OpenID connect) plugin.

Pre-requisites for setting Okta OAuth SSO with Joomla

Steps to Install Joomla OAuth Client Plugin

  • Download the zip file for the miniOrange OAuth Client plugin for Joomla.
  • Login into your Joomla site’s administrator console.
  • From left toggle menu, click on System, then under Install section click on Extension.
  • Upload the downloaded zip file to install the Joomla OAuth Client plugin.
  • Installation of the plugin is successful. Now click on Start Using miniOrange OAuth Client plugin.
  • Under Configure OAuth -> Pre-Configured Apps tab, select your OAuth Provider. You can also search for custom OAuth or custom OpenID application in the search bar, and configure your own custom provider.
  • Joomla OAuth Single Sign-On SSO - Select your OAuth Provider

Steps to configure Okta OAuth SSO into Joomla

1. Configure Okta as OAuth Provider

  • After selecting your OAuth provider, you will be redirected to the Step 1 [Redirect URL] tab. Now copy the Callback/Redirect URL which we will use to configure Okta as OAuth Server, then click on the Save & Next button.
  • Okta OAuth Single Sign-On SSO into Joomla - Copy Redirect URL
  • Now go to https://www.okta.com/login and log into your Okta account.
  • Go to the Okta Admin panel. Go to Applications -> Applications.
  • okta Single Sign-On (SSO) OAuth/OpenID-addapp-shortcut
  • You will get the following screen. Click on Create App Integration button.
  • okta Single Sign-On (SSO) OAuth/OpenID-addapplication
  • Select Sign in method as the OIDC - OpenID Connect option and select Application type as Web application, click on Next button.
  • okta Single Sign-On (SSO) OAuth/OpenID-select-webplatform
  • You will be redirected to the app details page. Enter App integration name and Sign-in redirect URLs which we copied as Callback/Redirect URL.
  • okta Single Sign-On (SSO) OAuth/OpenID-callbackURL
  • Scroll down and you will see the Assignments section. Select an option for controlled access as Allow everyone in your organization to access, untick the Enable immediate access with Federation Broker Mode and then click on Save button.
  • okta Single Sign-On (SSO) OAuth/OpenID-clientcredentials

2. Configure Client ID and Secret

  • Now you will get the Client ID and Client Secret . Keep these credentials handy for configuring miniOrange OAuth Client Single Sign-On (SSO) plugin.
  • okta Single Sign-On (SSO) OAuth/OpenID-clientcredentials
  • From right top header, you will get your domain name. Keep the domain name handy.
  • Note: Copy the Okta domain to configure Joomla OAuth Single Sign-On (SSO) plugin. eg.( https://dev-32414285-admin.okta.com ) then your domain is dev-32414285.okta.com .


    okta Single Sign-On (SSO) OAuth/OpenID-clientcredentials
  • Go to the Step 2 [Client ID & Secret] tab of the Joomla OAuth Client plugin, here paste the Client ID, Client Secret and Tenant. Click on the Save Configuration button.
  • OAuth Single Sign-On SSO into Joomla - Save Configuration

2.1. Scope & Endpoints

  • Scope & Endpoints are given below, which are required for configuring Joomla as OAuth Client plugin to configure Okta as a custom OAuth or OIDC provider.
  • Scope:
    openid email
    Authorize Endpoint:
    https://{yourOktaDomain}.com/oauth2/default/v1/authorize
    Access Token Endpoint:
    https://{yourOktaDomain}.com/oauth2/default/v1/token
    Get User Info Endpoint:
    https://{yourOktaDomain}.com/oauth2/default/v1/userinfo
    Custom redirect URL after logout:[optional]
    https://{yourdomain.okta}.com/login/signout?fromURI= <your url>
    Set Client Credentials:
    In Header Only

3. Configure Attribute Mapping

    User Attribute Mapping is mandatory for enabling users to successfully login into Joomla. We will be setting up user profile attributes for Joomla using below settings.

  • Go to Step 3 [Attribute Mapping] tab and click on Test Configuration button.
  • OAuth Single Sign-On SSO into Joomla - Test Configuration
  • You will be able to see the attributes in the Test Configuration output as follows.
  • OAuth Single Sign-On SSO into Joomla - Configuration output
  • Now go to the Step 3 [Attribute Mapping] tab and Select the attribute name for Email and Username from dropdown. Then click on Finish Configuration button.
  • OAuth Single Sign-On SSO into Joomla - Attribute Mapping

4. Setup Login/SSO URL

  • Now go to Step 4 [SSO URL] tab, here copy the Login/SSO URL and add it to your Site by following the given steps.
  • OAuth Single Sign-On SSO into Joomla - Login/SSO URL
  • Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.

5. Fetch Okta Groups

  • Click on the Sign On tab in your Okta application.
  •  Okta Single Sign-On (SSO) OAuth/OpenID
  • Go to the OpenID Connect ID Token section by scrolling down.
  • Under Group claims filter section, enter groups as the default name, and then select Matches regex from the drop down list and enter .* (without spaces) to return all the user's Groups. Click on Save button.
  •  Okta Single Sign-On (SSO) OAuth/OpenID

6. Steps to Create Custom Claims in Okta

  • Go to the Okta Admin panel ->Security -> API.
  • Click on Add Authorization Server button.
  •  Okta Single Sign-On (SSO) OAuth/OpenID
  • After creating a new Authorization Server, click on the Edit icon as shown below.
  •  Okta Single Sign-On (SSO) OAuth/OpenID
  • Go to Claims and click on Add Claim button.
  •  Okta Single Sign-On (SSO) OAuth/OpenID
  • After creating a custom claim, go to Access Policies and select Add Policy.
  •  Okta Single Sign-On (SSO) OAuth/OpenID
  • After creating a new policy in the Access Policies tab, click on Add rule button.
  •  Okta Single Sign-On (SSO) OAuth/OpenID
  • Give a name to the rule. Keep other settings as default and click on Create rule.

In this guide, you have learned how to configure Joomla Okta Single Sign-On (SSO) by configuring Okta as OAuth Provider and Joomla as OAuth Client using our Joomla OAuth & OpenID Connect plugin.This solution ensures that you are ready to roll out secure access to your Joomla site using Okta login credentials within minutes.

Additional Resources


Mail us on joomlasupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com