In order to get the integration up and running, there are first some configuration steps that must be completed within Okta.
Create an Application
The first requirement is to create a new application in Okta. This can be done on the Applications tab. Select the “Add an Application” option which will open up the application library. Choose “Create New App” on this screen.
On the next screen, you need to made sure that web is chosen as the platform, and that OpenID Connect has been chosen.
On the following screen, you will be able to add some identifiers to your new application. Start by giving the application a name, and a logo if you wish. You will then need to specify Login and Logout redirect URIs for the application. This varies depending on whether you are using the hosted solution of Halo or not.
Once saved, your application will be created and you will be on the General Tab. Place this into edit mode, and ensure that you have the highlighted option below enabled:
At this point, you should also scroll down and take not of the client ID of the application, as this is required in later steps of the configuration.
Finally, you need to make sure that any agents who will be using the integration as a sign in method have been assigned to the application. To do this, go to the assignments tab, and make sure that the relevant People/Groups have been assigned.
The following configuration must be carreid out in Halo to facilitate the integration.
To activate the Okta integration, go to Configuration > Integrations and enable the module. Please note that this integration cannot be used in tandem with the following modules:
Azure Active Directory
Once enabled, click into the integration to begin configuring it:
The first two options require you to input your Okta instance URL, and the client ID from the application that you created earlier in this guide. To enable the Single Sign-On process, ensure the relevant checkbox is enabled. If you’d like to be automatically redirected to the Okta login screen without user input, then switch on the second checkbox.
Now that the module and Single Sign-On has been enabled, the Halo login screen will have an extra option to login using Okta (unless you have chosen to automatically re-direct to Okta, in which case you won’t see the Halo login screen):
Choosing this option will re-direct you to the Okta login screen. Once logged in, you will be re-directed back to the Halo application and logged in successfully if there is a valid agent in Halo that matches the Okta user you logged in as. The email address is used for this matching process.