Sign in
x

Okta authentication

Enable and configure Okta

Updated at 2019-12-17 05:08:08 UTC
The Okta company logo displayed with blue lowercase letters on a white background.

Keeping your research data secure is essential, and you also need your team and clients to access it easily.  Okta provides a simple sophisticated way to organize your users, projects, and permissions. If your organization is already using Okta and Protobi, this article shows how to link the two.

Create Protobi as a new application

First, login to your Okta admin portal and go to "Applications".  Press "Add Application" and create a new entry for Protobi.

Okta dashboard Applications page with an 'Add Application' button and one active application entry for app.protobi.com. The status sidebar shows 1 active application and 0 inactive applications.

Second, under "Create New Application", choose "Web" and press Next:

Step 1 of Okta's application creation wizard asking to choose a platform. Four options are shown: Native (iOS, Android), Single-Page App (Angular, React, etc.), Web (.NET, Java, etc.) which is selected, and Service (Machine-to-Machine).

Third, set up the application name and URI's for your firm, replacing "mycompany.protobi.com" with your Protobi Enterprise address.  Under "Grant type allowed" make sure that "Authorization Code" is selected:

Application Settings configuration page with Name field set to 'Protobi', Base URIs pointing to https://mycompany.protobi.com, and Login redirect URIs configured for the OAuth callback. The Authorization Code grant type is checked under 'Client acting on behalf of a user'.

Enter URLs for your Protobi instance:

The LOGIN configuration section displays redirect URIs for both login and logout, with the login initiation setting configured as 'App Only'. Save and Cancel buttons appear at the bottom.

When done, save the client ID and Client Secret:

The Client Credentials section displays the Client ID value and a masked Client secret field with visibility toggle and copy buttons. An Edit button appears in the top right corner.

Register Okta as an auth strategy in Protobi

In Protobi, as an app administrator, go to  https://{{mycompany.protobi.com}}/admin/organization and select an organization (replacing {{mycompany.protobi.com}} with your Protobi base URL)

For your organization, select "Use Okta OAuth", and press Save.  Then to configure Okta, press the button "Auth strategies..."

A simple settings interface displaying three enabled options: 'Use Okta OAuth', 'Use Google OAuth', and 'Active', all with blue checkmarks. A blue 'Save' button is positioned in the upper right.

Here enter your Okta configuration:

The Authorization Strategies configuration screen displays Okta OAuth settings with four input fields for clientId, clientSecret, callbackURL, and domain. The left sidebar shows menu items for Accounts, Datasets, Organizations, Logs, and Current users.

Verify Okta is available for your clients

The login screen should now show an option to "Sign in with Okta"

A sign-in form titled 'Sign in (or sign up)' with options to request a sign-in link by email or authenticate using Google or Okta OAuth. The page includes an email address input field and three buttons for different authentication methods.

Pressing this option will redirect the user to sign in to Okta:

Standard Okta authentication form displaying the Okta logo at top, followed by 'Sign In' heading, Username and Password fields (with Username field focused in blue), a 'Remember me' checkbox, and a blue 'Sign In' button.

Successfully signing in will redirect the user to their projects.