Set up an Okta SSO configuration (Console)

Console  > Account > Account Settings > Set up an Okta SSO configuration (Console)

This article explains how to set up an Okta SSO configuration in Console.

In this article

Supported features

Single sign-on is initiated via the application.

Requirements

Install the application via your Okta instance.

Part 1: Setting up Okta

Follow the steps below to get Okta set up to be an SSO provider for your acount.

Note: You must have administrator privileges in Okta to perform these steps.

1. Log into your Okta account.

2. From the administrator dashboard, navigate to Applications > Applications.

3. Click Browse App Catalog.

In Okta, navigate to Applications and then to Browse App Catalog.

4. In the search bar, search for "Edify".

a. A Matching search result should appear called "Edify".

b. Click the search result to begin adding the app integration to Okta.

In Okta, search for Edify in the app catalog.

5. Click Add Integration.

Click the Add Integration button in Okta

6. After clicking Add Integration, the integration is added to your Okta account. Navigate to the Sign On tab.

Navigate to the Sign On tab in Okta

7. Make note of the following pieces of information (these will be required to make an API request):

a. Client ID

b. Client secret 

8. While still on the Sign On tab, scroll down until you see an information modal that says “OpenID Connect is not configured until you complete the setup instructions.”

9. Click the OpenID Provider Metadata link to open a JSON file of configuration information.

Make note of the Client ID, client secret, and OpenId Provider Metadata link in Okta

The location of the client ID, client secret, and link to the OpenId Provider Metadata (which contains the issuer url)

10. A JSON document will open in a new tab or window.

a. Look for the first key:value pair with the key "issuer" (see the screenshot below)

b: Make note of the URL value, as this is also required along with the Client ID and client secret to make an API request.

The url in the issuer key:value pair is what you need for making the API request

The “issuer” key:value pair (annotated above) contains a URL you’ll need
when creating the auth provider with the API Platform.

Part 2: Adding an auth provider with our API

The next step is to add a new authentication provider to your account via API (as there’s no menu in the user interface to accomplish this at this time).

You can use any tool you prefer for making API requests, but for the purposes of this article we will use Postman.

11. Use the Create Auth Provider route of the Avaya.cx API to add an auth provider option to your organization's account.

a. HTTP method: POST

b. URL: https://api.avaya.cx/v4/authProviders/okta

c. Request body:

i. displayName: Used for identification in the Avaya.cx system. Can be any string.

ii. clientId: The Client Id collected in step 7.

iii. clientSecret: The Client Secret collected in step 7.

iv. issuer: The Issuer URL collected in Step 10.

Example of the API request in Postman

12. Once you’ve sent the API request, you should receive the unique ID of the auth provider record as confirmation that the request was successful. You don’t need to do anything with this value; it simply indicates that the request was successful.

Example of the API request in Postman

The Avaya.cx API will return the ID of the auth provider upon successful creation.
You don’t need to do anything with this value; it simply indicates that the request was successful.

13. Log into Console at console.avaya.cx.

a. You can choose to either set your authentication provider for the whole account or for individual users.

b. To set authentication for the whole account:

i. Navigate to Account > Account Settings.

ii. In the Auth Provider field, choose your newly created Okta provider.

Select an auth provider in the account settings of Edify

c. To set authentication for individual users:

i. Navigate to Account > Users > [User]

ii. In the Auth Provider field in the Basic container, choose your newly created Okta provider.

Select an auth provider in a user's setting page in Edify

Part 3: User setup and testing

Now, we will look at how to set up a user for logging in with SSO via Okta in your Avaya.cx account.

14. In Okta, confirm that you have a user set up who’d log into your Avaya.cx account via SSO. Their email address should correspond to their email address in your Avaya.cx account.

Confirm that the user has the same email in Okta as in Edify

In the screenshot above, Bennie Franks’ email address in Okta is the same as in Avaya.
This is the email he’ll use to sign into Avaya.cx via Okta.

15. Click on the user you'd like to configure.

16. Click the Assign Applications button.

Click Assign Applications in okta while viewing a user

17. A list of your applications in Okta should appear in a list. Locate Edify and click Assign.

Select Edify when assigning the application to a user in Okta

18. Next, confirm that you've either:

a. Set Okta as the account-wide authentication method (see step 13 b)

b. Configured your user in Console to use Okta as their authentication method (see step 13 c)

Part 4: Log in to Avaya.cx with Okta

The final step is to test the configuration log in to your account with Okta.

19. Navigate to login.avaya.cx.

20. Enter the email address of the user configured for SSO.

Go to login.edify.cx to log in

21. After providing the login email, your browser will redirect you to an Okta sign-on page. Enter your Okta password and follow any other instructions (like two-factor authentication) to log into the Avaya.cx system.

If Okta has been configured correctly, you will be redirected to a sign on page

Error processing SSO login

If, when attempting to log into the Avaya.cx system via Okta, you get the following error:

Error processing SSO login. Please try again

Try clearing your browsing data. If that doesn’t resolve the issue, reach out to support@avaya.cx for additional assistance.