What is Okta?
Okta is a trusted platform to secure every identity. More than 10,000 organizations trust Okta’s software and APIs to sign in.
How does POINT integrate with Okta?
POINT uses Okta integrations to provide quick and easy logins for organizations that already use Okta to sign on to their organization’s web platforms (such as an intranet) or accounts.
How to set up an Okta Integration:
Connect to your Okta account or create one
If your organization uses Okta, login here:
If you need to create an Okta account using a free trial, sign up here.
- Fill in all fields, then click “Get started” and verify your Okta account
- Go back to the login page, and sign in
If you want to learn more about how to use Okta, check out this guide.
Add POINT to Okta (SPA)
- Log in to your Okta account, choose your organization, and click the button on the top right that says “Admin” (note: make sure you have admin access from your organization).
- Go to the left side menu and click “Applications”, then “Applications” again from the dropdown.
- On this page, click “Create App Integration”
- For the sign in method click “OIDC - OpenID Connect” then when application type comes up, click “Single Page Application” and click Next.
- It will pull up a “New Single-Page App Integration” form. You can rename it “POINT SPA Integration” or leave that field as the default.
- Under “Grant type” select “Authorization code” and “Refresh token”.
- Under “Grant type” open “Advanced” and, under Other grants, select “Interaction Code”.
Note: If the Interaction Code checkbox doesn’t appear, the Interaction Code grant type isn’t enabled for your org. To enable it, go to Settings > Account > Embedded widget sign-in support and allow it, then return to Create App Integration.
- Scroll down to the “Sign-in and Sign-out redirect URIs”.
- Under the “Sign-in redirect URIs”, click “Add URI” and enter:
- https://dash.pointapp.org/login/callback
Note: If there is already a URI here, leave it and just add these!
- Under the “Sign-out redirect URIs”, click “Add URI” and enter:
- https://dash.pointapp.org
Note: If there is already a URI here, leave it and just add these!
- Under “Assignments” and “Controlled access”, click “Allow everyone in your organization to access”. The “Enable immediate access” checkbox must be empty if you want to assign the app to a group or to specific people. To assign the app to a group or individuals, click on the Group or People left menu, select the group or individuals, open the Applications tab, and click Assign applications.
- Click save.
Add POINT to Okta (Native App)
- Go to the left side menu and click “Applications”, then “Applications” again from the dropdown.
- On this page, click “Create App Integration”
- For the sign in method click “OIDC - OpenID Connect” then when application type comes up, click “Native Application” and click Next.
- It will pull up a “New Native Application Integration” form. You can rename it “POINT Native App Integration” or leave that field as the default.
- Under “Grant type” select “Authorization code” and “Refresh token”.
- Under “Grant type” open “Advanced” and, under Other grants, select “Interaction Code”.
Note: If the Interaction Code checkbox doesn’t appear, the Interaction Code grant type isn’t enabled for your org. To enable it, go to Settings > Account > Embedded widget sign-in support and allow it, then return to Create App Integration.
- Scroll down to the “Sign-in and Sign-out redirect URIs”.
- Under the “Sign-in redirect URIs”, click “Add URI” and enter:
- org.pointapp.point:/login
Note: If there is already a URI here, leave it and just add these!
- Under the “Sign-out redirect URIs”, click “Add URI” and enter:
- org.pointapp.point:/logout
Note: If there is already a URI here, leave it and just add these!
- Under “Assignments” and “Controlled access”, click “Allow everyone in your organization to access”. The “Enable immediate access” checkbox must be empty if you want to assign the app to a group or to specific people. To assign the app to a group or individuals, click on the Group or People left menu, select the group or individuals, open the Applications tab, and click Assign applications.
- Click save.
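Once both integrations are saved, their settings can be checked against the values in the steps above. The following is an added example, not part of POINT's or Okta's own tooling: it audits an app record shaped like the `settings.oauthClient` object the Okta Apps API returns, and the sample records and the `audit_app` helper are constructed for illustration.

```python
# Added example: audit an Okta app record against the values in this guide.
# EXPECTED comes from the steps above; the SAMPLE_* records are constructed.
EXPECTED = {
    "browser": {  # "Single Page Application" in the admin console
        "redirect_uris": {"https://dash.pointapp.org/login/callback"},
        "post_logout_redirect_uris": {"https://dash.pointapp.org"},
    },
    "native": {  # "Native Application"
        "redirect_uris": {"org.pointapp.point:/login"},
        "post_logout_redirect_uris": {"org.pointapp.point:/logout"},
    },
}
REQUIRED_GRANTS = {"authorization_code", "refresh_token", "interaction_code"}

def audit_app(app):
    """Return findings for one app record; an empty list means it matches."""
    client = app.get("settings", {}).get("oauthClient", {})
    app_type = client.get("application_type")
    if app_type not in EXPECTED:
        return [f"unexpected application_type: {app_type!r}"]
    findings = []
    missing = REQUIRED_GRANTS - set(client.get("grant_types", []))
    if missing:
        findings.append(f"missing grant types: {sorted(missing)}")
    for field, wanted in EXPECTED[app_type].items():
        present = set(client.get(field, []))
        for uri in sorted(wanted - present):
            findings.append(f"{field}: POINT URI not registered: {uri}")
        for uri in sorted(present - wanted):
            # The guide keeps pre-existing URIs, so extras are flagged for review.
            kind = "wildcard" if "*" in uri else "not from this guide"
            findings.append(f"{field}: review extra URI ({kind}): {uri}")
    return findings

SAMPLE_SPA = {"settings": {"oauthClient": {  # constructed: one grant missing
    "application_type": "browser",
    "grant_types": ["authorization_code", "refresh_token"],
    "redirect_uris": ["https://dash.pointapp.org/login/callback",
                      "https://*.example.com/cb"],
    "post_logout_redirect_uris": ["https://dash.pointapp.org"]}}}
SAMPLE_NATIVE = {"settings": {"oauthClient": {  # constructed: matches the guide
    "application_type": "native",
    "grant_types": ["authorization_code", "refresh_token", "interaction_code"],
    "redirect_uris": ["org.pointapp.point:/login"],
    "post_logout_redirect_uris": ["org.pointapp.point:/logout"]}}}

if __name__ == "__main__":
    for name, app in (("SPA", SAMPLE_SPA), ("Native", SAMPLE_NATIVE)):
        print(name, audit_app(app) or "OK")
```

Extra redirect URIs are reported for review rather than as errors, because the notes above say to leave any URI that is already registered.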
Update your Okta security settings
- Go to your left side menu on your Okta dashboard and go to Security > API > Trusted Origins.
- Click “Add Origin” and enter the name “POINT Dash” under “Origin name”
- Add the Origin URL: https://dash.pointapp.org
- Under “Choose Type”, select “Cross-Origin Resource Sharing (CORS)”
- Click save
Update your Access Policies
- Go to your left side menu on your Okta dashboard and go to Security > API.
- Select the Authorization Servers tab, and then select the pencil icon next to the custom authorization server that you want to update.
- Select the Access Policies tab.
- Select the pencil icon from the Actions column for the policy that applies to your app, for example, the Default Policy Rule.
- Click Advanced in the IF Grant type is section of the Edit Rule.
- Select Interaction Code in the Other grants section.
Note: If there are no Access Policies, click Add New Access Policy, create the Access Policy, then click Add rule and repeat the steps from Update your Access Policies.
Note: If the Interaction Code checkbox doesn’t appear, the Interaction Code grant type isn’t enabled for your org. To enable it, go to Settings > Account > Embedded widget sign-in support.
Add Okta to POINT
- From your POINT admin dashboard, use the left side menu to click “Organization” and then “Integrations”.
- Select Okta
- Enter the required information, which is the Client ID and Domain. (If you don’t know how to find this, we have instructions below)
- Click “Save”
Finding your Okta Client ID and Domain (SPA)
Client ID:
- Log in to your Okta account, choose your organization, and click the button on the top right that says “Admin” (note: make sure you have admin access from your organization).
- Go to the left side menu and click “Applications”, then “Applications” again from the dropdown, then click “Active.”
- Choose “My SPA” and select the Client Credentials.
- Find the Client ID and copy it. Paste it in your POINT Okta Integration page under “SPA: Okta Client ID”
Domain:
- Log in to your Okta account, choose your organization, and click the button on the top right that says “Admin” (note: make sure you have admin access from your organization).
- Go to the left side menu and click “Applications”, then “Applications” again from the dropdown, then click “Active.”
- Choose “My SPA” then choose “Sign On Tab” and click “OpenID Connect ID Token” and click “Edit”
- Change Issuer to Okta URL and hit save
- Copy the URL. Paste it in your POINT Okta Integration page under “SPA: Okta Domain”.
Finding your Okta Client ID and Domain (Native App)
Client ID:
- Log in to your Okta account, choose your organization, and click the button on the top right that says “Admin” (note: make sure you have admin access from your organization).
- Go to the left side menu and click “Applications”, then “Applications” again from the dropdown, then click “Active.”
- Choose “My Native App” and select the Client Credentials.
- Find the Client ID and copy it. Paste it in your POINT Okta Integration page under “Native App: Okta Client ID (Native App)”.
Domain:
- Log in to your Okta account, choose your organization, and click the button on the top right that says “Admin” (note: make sure you have admin access from your organization).
- Go to the left side menu and click “Applications”, then “Applications” again from the dropdown, then click “Active.”
- Choose “My Native App” and select “Sign on Tab” then “OpenID Connect ID Token” then click “Edit”.
- Change Issuer to Okta URL and click save.
- Copy the URL. Paste it into your POINT Okta Integration page under “Native App: Okta Domain (Native App)”.
Delete your Okta integration
- From your POINT admin dashboard, use the left side menu to click “Organization” and then “Integrations”.
- Select Okta
- Click the button that says “Delete Integration”
- All fields should be empty
Questions? Email us at support@pointapp.org.