Okta 3rd party authentication

      NordLayer enhances security and streamlines user management by supporting integration with Okta Single Sign-On (SSO). This integration means your team can access NordLayer using the same credentials they already use for other applications, authenticating their identity through Okta SSO.

      Additionally, NordLayer offers two approaches to integrate with Okta: a manual method and an option through the Okta app. We'll walk you through both methods in this guide.

      Set up NordLayer SSO using Okta application

      The Okta application enables users to initiate both Service Provider-initiated (SP-initiated) and Identity Provider-initiated (IdP-initiated) SSO.

      To set up the NordLayer application in Okta:

      1. Log into your Okta admin portal
      2. Go to the Applications tab, click Browse app catalog, search for NordLayer, select it, and then click Add integration
      3. Enter NordLayer as the application name and input your NordLayer organization identifier
      4. After clicking Done, open the application's Sign-on tab and click Edit in the Settings window
      5. Adjust the Application username format to Email. Don't forget to hit Save
      6. Customize the Assignments section as needed and click Save
      7. Back in the Sign-on tab, note the Client ID and Client Secret for later use
      8. Now navigate to the NordLayer Control Panel at our website, go to Settings and select Login methods, and under Single sign-on (SSO), toggle the Okta switch
      9. Here, you'll input:
        • The Client ID from Okta
        • The Client Secret from Okta
        • Your Okta domain in the format https://your-okta-domain.okta.com (replace your-okta-domain with your actual domain)
      10. Click Save to complete the setup.

      Notes
      • SSO is enabled for both the Control Panel and NordLayer VPN apps, as well as the Browser Extension
      • You're free to activate multiple SSO methods concurrently
      • Optionally, you can disable email and password authentication, making SSO your exclusive login method.

      After your Okta integration with NordLayer is all set, you’ll have a more streamlined and secure access method for your team.

      Manually set up Okta application for SSO

      Here’s how to set up SP-initiated Okta SSO integration:

      1. Start by logging into your Okta Admin portal
      2. Navigate to Applications and select Applications again
      3. Choose Create App Integration, then select the OIDC - OpenID Connect option
      4. Select Web Application at the page’s bottom and click Next to open the New Web App Integration window
      5. Name your application NordLayer
      6. For the Sign-in redirect URL, enter https://auth.nordlayer.com/v1/tokens/oauth/resolution
      7. Customize the Assignments section as needed and click Save. You’ll then be directed to the application’s General page. Here, copy the Client ID and Client Secret values.
      8. Click on the Sign On tab and copy your Issuer parameters.
      9. With these values, head over to the NordLayer Control Panel on our website, navigate to Settings, then Login methods, and select Okta. You'll be prompted to enter the following five values:
        • Client ID: The value copied from the Okta dashboard.
        • Client Secret: The value copied from the Okta dashboard.
        • Issuer: https://your-okta-domain.okta.com, replacing your-okta-domain with your actual domain.
      10. Submitting this information allows your organization members to log into the NordLayer app or Control Panel using Okta SSO.

      Notes
      • SSO is enabled for the Control Panel, VPN apps, and the Browser Extension.
      • You can use multiple SSO methods simultaneously.
      • It's possible to exclusively use SSO by disabling email & password authentication.
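
A pre-flight check for the values entered in the manual setup above, added here as an example (it is not NordLayer's or Okta's code). It assumes the Issuer follows the https://your-okta-domain.okta.com format given in this guide, that the app's only sign-in redirect URI is the one from step 6, and that the discovery document was fetched from the issuer's /.well-known/openid-configuration endpoint; the "acme" domain and all sample values are constructed.

```python
from urllib.parse import urlsplit

# Sign-in redirect URL given in the manual setup steps of this guide.
REDIRECT_URI = "https://auth.nordlayer.com/v1/tokens/oauth/resolution"

def check_issuer(issuer):
    """Problems with an Issuer value; [] means it fits the guide's format."""
    problems = []
    if issuer != issuer.strip():
        problems.append("surrounding whitespace")
    parts = urlsplit(issuer.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # Compare the parsed host, not a substring, so look-alike URLs fail.
    if not host.endswith(".okta.com"):
        problems.append("host is not under okta.com")
    if host.startswith("your-okta-domain."):
        problems.append("placeholder domain was not replaced")
    if parts.netloc.lower() != host:
        problems.append("userinfo or port present")
    if parts.path or parts.query or parts.fragment:
        problems.append("trailing slash, path, query or fragment present")
    return problems

def check_redirect_uris(registered):
    """Assumption: the Okta app should list only the guide's redirect URI."""
    problems = []
    if REDIRECT_URI not in registered:
        problems.append("NordLayer redirect URI missing (match is exact)")
    problems += [f"unexpected redirect URI: {u}" for u in registered if u != REDIRECT_URI]
    return problems

def preflight(issuer, registered, discovery):
    """Run all checks; discovery is the parsed openid-configuration JSON."""
    problems = check_issuer(issuer) + check_redirect_uris(registered)
    # OIDC Discovery: the document's issuer must equal the configured one.
    if discovery.get("issuer") != issuer:
        problems.append("discovery issuer differs from configured Issuer")
    return problems

if __name__ == "__main__":
    # Constructed sample values; "acme" is a hypothetical Okta org.
    sample_discovery = {"issuer": "https://acme.okta.com"}
    for candidate in ("https://acme.okta.com", "https://acme.okta.com/",
                      "https://acme.okta.com.idp.example"):
        print(candidate, preflight(candidate, [REDIRECT_URI], sample_discovery))
```

An empty list means the values match what this guide asks for; any entry names the field to recheck before saving in the Control Panel.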

      Other SSO providers like Google, JumpCloud, Entra ID, and OneLogin can also be integrated by following their respective guides available in the Control Panel.


      Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.

