Before you start
Review our general User (Admin & Employee) Authentication documentation for more details.
Unlike Google and Microsoft SSO, which require minimal configuration, Okta SSO requires a few configuration steps before it can be enabled for your company.
If you are looking for the steps to set up Okta SAML, those can be found here
First, Adaptive requires the configuration of two Okta applications:
An Admin application that can be assigned to stakeholders responsible for security training operations. This gives access to our Admin Portal (https://admin.adaptivesecurity.com/login).
An Employee Portal application that allows employees to access our security training content when they are assigned a training to complete (https://app.adaptivesecurity.com/sso/login).
This setup is required because Adaptive has two different web portals -- one for Admins (admin.adaptivesecurity.com) where only your Admin users are provisioned and one for Employees (app.adaptivesecurity.com) where employees with an active record in our system will be granted access.
Configuration Steps
1. When you are first set up with a new Adaptive account, you will need to sign in with a method other than Okta. This will usually be username and password but you can also use Google or Microsoft SSO to sign in.
2. Once in the Admin Portal, navigate to the 'Setting' page in the left-hand navigation. Once there, select the 'Authentication' tab.
3. By clicking the '+ Add Option' in the section specific to the Adaptive app you want to enable with Okta OIDC, you will be able to select 'Okta' as an authentication option.
💡 NOTE: As mentioned above, you will repeat the following steps for each connect-with-Okta option (User Okta as OIDC provider & Sign in with OIDC where vendor is Okta).
4. Select the 'Okta OIDC' option and click 'Continue'. That will take you to a configuration page with the following inputs:
Issuer
Client ID
Client Secret
5. In order to fill out these values, you will need to go to your Okta admin portal and provision a new application by following these steps:
On the left-hand menu in the Okta portal, click on the 'Applications' tab. In the dropdown beneath this, click on 'Applications' again.
On the following page, click 'Create App Integration.'
In the modal that pops up, select 'OIDC - OpenID Connect' as the Sign-in method and 'Web Application' as the Application type.
6. On the following page, you will need to specify a few fields (for any fields not mentioned below, please leave the defaults):
App integration name: pick something that will resonate with your admins and your employees. We recommend 'Adaptive Admin SSO' and 'Adaptive SSO' for our Admin Portal and Employee Training App, respectively, but the naming is completely up to your discretion here.
Logo: this is an optional field. We recommend using the Adaptive 'a' icon logo, especially if you plan on including this as a tile featured in your employee’s Okta application launcher page.
URIs: As mentioned at the beginning of this documentation, you will need to set up two Okta apps (one for Admins and one for Employees). You can find the URIs for each setup below.
Admin Portal OIDC / SSO URIs:
Sign-in redirect URIs: replace the default URI with https://admin.adaptivesecurity.com/sso/login
Sign-out redirect URIs: replace the default URI with https://admin.adaptivesecurity.com/sso/logout
Employee Training App OIDC / SSO URIs:
Sign-in redirect URIs: replace the default URI with https://app.adaptivesecurity.com/sso/login
Sign-out redirect URIs: replace the default URI with https://app.adaptivesecurity.com/sso/logout
Assignments:
For the Admin Portal OIDC SSO application, we recommend assigning to a specific group. Note, however, that access to the Okta SSO application via this setting is not sufficient on its own: an employee cannot sign in to the Adaptive admin portal unless they have already been explicitly invited to the application whitelist.
For the Employee Training App OIDC SSO application, we recommend choosing 'Allow everyone in your organization to access.' This will ensure all employees are able to sign in and interact with Adaptive training materials.
7. Once you have configured the application, click 'Save.' This will land you on the new application's configuration page. There are two fields you will need to copy here: your Client ID and your Client Secret. Copy both of these values, as we will use them in a couple of steps.
8. The last piece of information needed is your Okta Issuer URL. To acquire this value, navigate to the 'Security' dropdown tab on the left-hand menu. In the resulting dropdown, select 'API.'
9. On the following page, you can either choose to 'Add Authorization Server,' use the default, or use another existing server. Copy the Issuer URI from the table.
If your Okta account does not support / include the API Access Management feature, you will not see the Authorization Server option.
Instead, use the following format for your Issuer URL: https://{input_your_account_name}.okta.com/oauth2
10. Finally, navigate back to the Adaptive Admin Portal and paste each of these values into this modal accordingly and click 'Save.'
11. To confirm this all worked correctly, log out of the Adaptive Admin Portal and attempt to sign in using Okta SSO with the same email address your Adaptive admin account is under.
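A pre-flight check for the values gathered in steps 6 to 9, as an added example that is not part of Adaptive's or Okta's own tooling: it verifies that the Issuer value matches the provider's OIDC discovery metadata exactly and that each Okta app carries only the redirect URIs listed above for its portal. The app labels, function names and sample issuer and metadata are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Redirect URIs from this page; the "admin"/"employee" labels are hypothetical.
EXPECTED = {
    "admin": ("https://admin.adaptivesecurity.com/sso/login",
              "https://admin.adaptivesecurity.com/sso/logout"),
    "employee": ("https://app.adaptivesecurity.com/sso/login",
                 "https://app.adaptivesecurity.com/sso/logout"),
}

# Constructed sample values, not a real Okta org.
ISSUER = "https://example-org.okta.com/oauth2/default"
SAMPLE_METADATA = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/v1/authorize",
    "token_endpoint": ISSUER + "/v1/token",
    "jwks_uri": ISSUER + "/v1/keys",
}

def discovery_url(issuer):
    """OIDC Discovery publishes metadata under the issuer at this well-known path."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_issuer(configured, metadata):
    """Return problems with the Issuer value; an empty list means consistent."""
    problems = []
    parts = urlsplit(configured)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer is not an absolute https URL")
    if parts.query or parts.fragment:
        problems.append("issuer carries a query or fragment")
    # The metadata's issuer must equal the configured value exactly (no extra slash).
    if metadata.get("issuer") != configured:
        problems.append("metadata issuer differs from configured issuer")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(metadata.get(key, "")).startswith("https://"):
            problems.append(key + " is missing or not https")
    return problems

def check_redirects(app, sign_in_uris, sign_out_uris):
    """Flag cross-wired Admin/Employee apps or leftover default URIs."""
    sign_in, sign_out = EXPECTED[app]
    problems = []
    if list(sign_in_uris) != [sign_in]:
        problems.append("sign-in redirect URIs should be exactly " + sign_in)
    if list(sign_out_uris) != [sign_out]:
        problems.append("sign-out redirect URIs should be exactly " + sign_out)
    return problems
```

In practice the metadata dictionary would be the JSON fetched from discovery_url(issuer) for your own Okta org, and the URI lists would be copied from each app's settings in the Okta admin portal.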





