Okta SSO Configuration Guide
This document is a guide on how to configure Okta as the Identity Provider to facilitate SSO with the Zesty.io application.
Supported Features
IdP-initiated Single Sign-On (OIDC) via Okta
Supports user login to Zesty from the Okta end-user dashboard
Automatic account creation in Zesty.io on initial SSO
Requirements
User should have access to an Okta tenant
User registering the organization’s client_id, client_secret and client_domain in Zesty MUST have an admin or owner role
The email used to log in to Zesty.io MUST match the email registered in Okta
Configuration Steps
Install the Zesty.io application in your Okta instance
In the Okta admin page, click on the Zesty.io application and go to the "Sign On" tab
Copy the values of Client ID and Client Secret
Client ID is a public identifier for the client that is required in OIDC/OAuth flows
Client Secret is a private identifier that SHOULD NOT BE SHARED
Get your organization’s Okta domain (or Issuer URL), which can be found in the top-right dropdown button under your email
Domain SHOULD CONTAIN https://, e.g. https://org.okta.com
Assign the people or groups who can use the Zesty.io SSO application in the "Assign" section
Zesty admin MUST register their organization’s Client ID, Client Secret and Client Domain in Zesty
The Zesty user who registers the organization’s secrets MUST be an existing Zesty user with an admin or owner role
This takes 3 steps: get token, get ecosystem_zuid and register
Get token
If you have an access token created for your instance in Zesty with owner or admin role (see How to create Access Token), it can be used as the token for the get ecosystem_zuid and register steps. If you have no access token, you can use Zesty's Login API as seen below, replacing the email and password with your credentials for https://www.zesty.io/
This will return the token that will be used in the next steps. See example response below:
For users with SSO (single sign-on) enabled, there is currently no support for getting a token this way. Instead, create an access token and use it for the get ecosystem_zuid and register steps.
Get ecosystem_zuid
Use Zesty’s Get Ecosystems API as seen below, replacing the token for Authorization (obtained in the get token step)
This API requires the user to have access to an instance. You will not get an ecosystem_zuid unless you have access to an instance in an ecosystem
This will return the Ecosystems you have access to in JSON format. Select one ZUID in the data returned and use that as the ecosystem_zuid in the register step.
Sample Response:
Register
Use Zesty’s Create Okta API as seen below, replacing the actual values for ecosystem_zuid (obtained in the get ecosystem_zuid step), client_id, client_secret, client_domain (from Okta) and token for Authorization (obtained in the get token step)
If the organization’s client information was registered successfully, the API responds with status “200”
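A pre-registration check for the three Okta values copied in the steps above, as an added example (not Zesty.io or Okta code). The OKTA_* environment variable names and the helper functions are assumptions, and the returned dictionary only holds the collected values; it is not the request format of the Create Okta API.

```python
import os
from urllib.parse import urlsplit


def normalize_okta_domain(value: str) -> str:
    """Return the Okta domain / issuer URL in https:// form, or raise ValueError."""
    parts = urlsplit(value.strip())
    if parts.scheme != "https":
        raise ValueError("client_domain must start with https://")
    if not parts.hostname:
        raise ValueError("client_domain has no host")
    if parts.username or parts.password:
        raise ValueError("client_domain must not embed credentials")
    if parts.query or parts.fragment:
        raise ValueError("client_domain must not carry a query or fragment")
    # Keep an issuer path if present, drop the trailing slash.
    netloc = parts.hostname + (f":{parts.port}" if parts.port else "")
    return f"https://{netloc}{parts.path.rstrip('/')}"


def collect_registration(env=os.environ) -> dict:
    """Read the values from the environment so the secret stays out of
    command-line arguments and shell history (hypothetical OKTA_* names)."""
    fields = {}
    for name in ("client_id", "client_secret", "client_domain"):
        value = env.get("OKTA_" + name.upper(), "").strip()
        if not value:
            raise ValueError(f"{name} is missing")
        fields[name] = value
    fields["client_domain"] = normalize_okta_domain(fields["client_domain"])
    return fields


def redacted(fields: dict) -> dict:
    """Copy that is safe to print or log: the client secret is masked."""
    safe = dict(fields)
    safe["client_secret"] = "***"
    return safe


if __name__ == "__main__":
    sample = {  # constructed sample values, not real credentials
        "OKTA_CLIENT_ID": "0oaEXAMPLEclientid",
        "OKTA_CLIENT_SECRET": "constructed-secret-value",
        "OKTA_CLIENT_DOMAIN": "https://org.okta.com/",
    }
    print(redacted(collect_registration(sample)))
```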
Notes
Zesty.io’s integration with Okta can only be used for user authentication.
Users who haven’t used their email in Zesty will have a new account created for them with the default role.
All permissions and roles will be updated within Zesty.
Okta users can authenticate in Zesty from the Okta end-user dashboard via the Zesty application button