Joomla OAuth Client Integration with Okta Single Sign-On (SSO)

Set up Single Sign-On (SSO) on your Joomla site via Okta OAuth provider with the help of Joomla OAuth & OpenID Connect plugin. Integrating Okta Single Sign-On (SSO) into Joomla using OAuth 2.0 authentication protocol allows your users to securely login into your Joomla websites and applications by authenticating with Okta OAuth provider. The Okta OAuth Joomla plugin also provides advanced features such as, Auto create users, Attribute Mapping, Group Mapping etc.

Visit our Joomla OAuth Client Plugin page to learn more about the features and Pricing plans we offer for the Joomla OAuth Single Sign-on (OAuth & OpenID connect) plugin.

Pre-requisites for setting Okta OAuth SSO with Joomla

Setup Okta as OAuth Provider with Joomla OAuth Client

Follow the steps given below to setup the Joomla OAuth Client plugin. You can also refer to this Setup video for configuring the plugin.

1. Download and Setup Joomla OAuth Client

• Download the zip file for the miniOrange OAuth Client plugin for Joomla from the given link.
• Login into your Joomla site’s administrator console.
• From left toggle menu, click on System, then under Install section click on Extensions.
• Upload the downloaded zip file to install the Joomla OAuth Client plugin.
• Installation of plugin is successful. Now click on Start Using miniOrange OAuth Client plugin.
• Under Configure OAuth tab. Select Okta as an OAuth Provider.

• Now copy the Callback / Redirect URL which is needed while configuring Okta as OAuth Server.

2. Configure Okta as OAuth Provider

• Now go to https://www.okta.com/login and log into your Okta account.
• Go to the Okta Admin panel. Go to Applications -> Applications.

• You will get the following screen. Click on Create App Integration button.

• Select Sign in method as the OIDC - OpenID Connect option and select Application type as Web application, click on Next button.

• You will be redirected to the app details page. Enter App integration name and Sign-in redirect URLs which we copied as Callback/Redirect URL.

• Scroll down and you will see the Assignments section. Select an option for controlled access as Allow everyone in your organization to access, untick the Enable immediate access with Federation Broker Mode and then click on Save button.

• Now you will get the Client ID and Client Secret . Keep these credentials handy for configuring miniOrange OAuth Client Single Sign-On (SSO) plugin.

• From right top header, you will get your domain name. Keep the domain name handy.

Note: Copy the Okta domain to configure Joomla OAuth Single Sign-On (SSO) plugin. eg.( https://dev-32414285-admin.okta.com ) then your domain is dev-32414285.okta.com .

3. Integrating Joomla with Okta

• Go back to your Joomla Dashboard. Then go to Components, then miniOrange OAuth Client and click on Configure OAuth tab.
• Paste the Client ID, Client Secret and Domain. Also Set Client Credentials In header then click on Save Settings to save your Configuration.

3.1. Scope & Endpoints

• Scope & Endpoints are given below, which are required for configuring Joomla as OAuth Client plugin to configure Okta as a custom OAuth or OIDC provider.

Scope:	openid email
Authorize Endpoint:	https://{yourOktaDomain}.com/oauth2/default/v1/authorize
Access Token Endpoint:	https://{yourOktaDomain}.com/oauth2/default/v1/token
Get User Info Endpoint:	https://{yourOktaDomain}.com/oauth2/default/v1/userinfo
Custom redirect URL after logout:[optional]	https://{yourdomain.okta}.com/login/signout?fromURI= <your url>
Set Client Credentials:	In Header Only

4. User Attribute Mapping

• User Attribute Mapping is mandatory for enabling users to successfully login into Joomla. We will be setting up user profile attributes for Joomla using below settings.
• Click on Test Configuration button, you will see all the values returned by your OAuth Provider to Joomla in a table.

• Now go to do Attribute Mapping tab. Here you can map all the Attribute Mapping details in the given fields below.

5. Role/Group Mapping [Premium Feature]

• Go to the Role Mapping tab. Here you can Enable Role Mapping and select default groups for new users.
• Based on your provider application, you can allocate the Joomla role to your provider roles.

6. Fetch Okta Groups

• Click on the Sign On tab in your Okta application.

• Go to the OpenID Connect ID Token section by scrolling down.
• Under Group claims filter section, enter groups as the default name, and then select Matches regex from the drop down list and enter .* (without spaces) to return all the user's Groups. Click on Save button.

7. Steps to Create Custom Claims in Okta

• Go to the Okta Admin panel ->Security -> API.
• Click on Add Authorization Server button.

• After creating a new Authorization Server, click on the Edit icon as shown below.

• Go to Claims and click on Add Claim button.

• After creating a custom claim, go to Access Policies and select Add Policy.

• After creating a new policy in the Access Policies tab, click on Add rule button.

• Give a name to the rule. Keep other settings as default and click on Create rule.

8. Login Settings [Premium Feature]

• Now you can use Login / SSO URL to perform SSO.

• Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.
• Go to the Login/Logout Settings tab. Here, you can configure user login/logout behavior for your Joomla application.

• Congratulations, you have successfully configured the miniOrange OAuth Client plugin with your Okta OAuth Provider.
• Click on the Upgrade Plans tab to check out our complete list of features and various licensing plans. OR you can click here to check features and licensing plans.
• If you want to purchase any of the paid version of the plugin, you have to register/login with us in Account Setup tab. OR you can register/login Here .
• In case, you are facing some issue or have any question in mind, you can reach out to us by sending us your query through the Support button in the plugin or by sending us a mail at joomlasupport@xecurify.com.

In this guide, you have learned how to configure Joomla Okta Single Sign-On (SSO) by configuring Okta as OAuth Provider and Joomla as OAuth Client using our Joomla OAuth & OpenID Connect plugin.This solution ensures that you are ready to roll out secure access to your Joomla site using Okta login credentials within minutes.

Additional Resources

• What is OAuth 2.0?
• Frequently Asked Questions (FAQs)
• How to configure OAuth / OpenID Connect SSO with Azure AD
• How to configure OAuth / OpenID Connect SSO with Salesforce
• How to configure OAuth / OpenID Connect SSO with AWS Cognito
• How to configure OAuth / OpenID Connect SSO with Discord
• How to configure OAuth / OpenID Connect SSO with Facebook
• How to configure OAuth / OpenID Connect SSO with Google Apps
• How to configure OAuth / OpenID Connect SSO with Instagram
• How to configure OAuth / OpenID Connect SSO with Keycloak

Mail us on joomlasupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.