Odoo Okta OAuth / OIDC Single Sign-On using Okta as OAuth Provider
Configure secure Single Sign-On(SSO) login into Odoo with Okta using our Odoo OAuth Single Sign-On(SSO) module. The Odoo OAuth SSO plugin allows users to use their Okta credentials for a seamless Odoo Okta Login via SSO. Facilitating Okta SSO enables users to authenticate against their Okta credentials and securely access your Odoo site. This step-by-step setup guide will help you configure Okta as Identity Provider (IDP) and Odoo as Service Provider (SP) to achieve Okta Odoo SSO. To know more about other features we provide in Odoo OAuth Single Sign-On (SSO) plugin, you can click here.
Prerequisites: Download and Installation
- An Odoo installation on your environment.
- Installed miniOrange OAuth SSO module for Odoo.
Steps to configure Okta as Identity Provider
Steps to configure Okta
- First of all, go to https://www.okta.com/login and log into your Okta account.
- Go to the Okta Admin panel. Go to Applications -> Applications.
- You will get the following screen. Click on Create App Integration button.
- Select sign in method as the OIDC - OpenID Connect option and select Application type as web application, click on Next button.
- You will be redirected to the app details page. Enter App integration name and Sign-in redirect URIs. you will get that from miniOrange OAuth/OpenID connect Client Plugin's 'Configure OAuth' tab under the Redirect/Callback URL field.
- Scroll down and you will see the Assignments section. Choose a controlled access option and uncheck the Enable immediate access with Federation Broker Mode option. Click on Save button.
- Now you will get the Client credentials and okta domain. Copy these credentials in Miniorange OAuth client single sign-on (SSO) Plugin configuration on corresponding fields.
Note: Enter https:// in the Okta domain field in the WordPress OAuth Single Sign-On (SSO) plugin which you will get from General Settings. eg.( https://dev-32414285.okta.com ).
1.1 Assign an app integration to a user
- Go to Applications tab and Click on your application.
- Select the Assignments tab.
- Click Assign and select Assign to People.
- If you want to assign the application to multiple users at the same time then select Assign to Groups [If an app is assigned to a group then, the app will be assigned to all the people in that group]
- Click Assign next to a user name.
- Click Save and Go Back.
- Click Done.
1.2 Profile Attributes for the id Token
- In your Okta admin dashboard, navigate to Security -> API.
- Select your SSO application and click on the edit icon.
- Go to claims tab and select the ID token option.
- click on Add claim button.
- Give a Name to your claim/attribute and Select ID Token from the token type dropdown. Now, enter the value user.$attribute in the Value field based on the attribute you want to receive. Keep other settings as default and click on Create button.
- Follow the similar steps for all the attributes you want to see. You will have a list similar to the below one.
- You will be able to see the attributes in the Test Configuration output as follows.
Configure the Odoo Application as Service Provider
- Navigate to Odoo Homepage and Click on the menu button.
- Click on miniOrange OAuth 2.0.
- Click on Create button to configure your Identity Provider (IDP).
- You will see the following Screen.
- In General Configuration, fill in the name of the Identity Provider (eg, WordPress). You will also need to fill the following fields which you will get from your IdP.
Client ID:
as provided by Okta
Client Secret:
as provided by Okta
Scope:
email profile openid
Authorize Endpoint:
<Okta domain>/auth/realms/{realm-name}/protocol/openid-connect/auth
Access Token Endpoint:
<Okta domain>/auth/realms/{realm-name}/protocol/openid-connect/token
Get User Info Endpoint:
<Okta domain>/auth/realms/{realm-name}/protocol/openid-connect/userinfo
- In the Attribute Mapping section, you can map the attributes from your IdP to users on the Odoo ERP system as desired.
- In the Mapping section, you can map the groups from IdP to your Odoo system. After filling in the required fields, you can click on the save button.
- We are done with setting up SSO using miniOrange OAuth SSO module for Odoo.
Test the configuration by following there steps
- Go to Odoo Login page. You will see an extra button with same name as configured in the module.
- Click on the button and you will be directed to you IdP login page. Enter your IdP credentials and click Login.
- After successful authentication, you will be logged into Odoo.
Note: Enter https:// in the Okta domain field in the WordPress OAuth Single Sign-On (SSO) plugin which you will get from General Settings. eg.( https://dev-32414285.okta.com ).
1.1 Assign an app integration to a user
- Go to Applications tab and Click on your application.
- Select the Assignments tab.
- Click Assign and select Assign to People.
- If you want to assign the application to multiple users at the same time then select Assign to Groups [If an app is assigned to a group then, the app will be assigned to all the people in that group]
- Click Assign next to a user name.
- Click Save and Go Back.
- Click Done.
1.2 Profile Attributes for the id Token
- In your Okta admin dashboard, navigate to Security -> API.
- Select your SSO application and click on the edit icon.
- Go to claims tab and select the ID token option.
- click on Add claim button.
- Give a Name to your claim/attribute and Select ID Token from the token type dropdown. Now, enter the value user.$attribute in the Value field based on the attribute you want to receive. Keep other settings as default and click on Create button.
- Follow the similar steps for all the attributes you want to see. You will have a list similar to the below one.
- You will be able to see the attributes in the Test Configuration output as follows.
| Client ID: | as provided by Okta |
| Client Secret: | as provided by Okta |
| Scope: | email profile openid |
| Authorize Endpoint: | <Okta domain>/auth/realms/{realm-name}/protocol/openid-connect/auth |
| Access Token Endpoint: | <Okta domain>/auth/realms/{realm-name}/protocol/openid-connect/token |
| Get User Info Endpoint: | <Okta domain>/auth/realms/{realm-name}/protocol/openid-connect/userinfo |
In this Guide, you have successfully configured miniOrange OAuth SSO module for Odoo to Login using Okta credentials. Now your users can log in into Odoo using your Okta IdP credentials.
Feel free to reach out to us at odoosupport@xecurify.com with your questions and queries.
Need Help? We are right here!
