
Okta Integration for SSO

Supported features

my2be supports both Identity Provider (IdP)-initiated and Service Provider (SP)-initiated authentication (SSO) flows. These flows occur when the user attempts to log in to the application from the Identity Provider, which is Okta in this case, or directly from the my2be platform.

Requirements

The requirements for this integration include:

  • Okta tenant – Contact your Okta representative to set up your Okta tenant.
  • my2be organization – Contact your my2be account manager to set up your my2be account with appropriate permissions.

Configuration Steps

The following steps configure the OIDC integration between Okta and my2be, so that users of your organization are able to authenticate using Okta.

While logged in to the Okta Admin panel, go to Applications > Applications > Create App Integration.

Select OIDC – OpenID Connect as the Sign-in method and Web Application as the Application type, then click Next.

Next, under General Settings, change the following:

  • App integration name: my2be
  • Logo: Optional; you can download the my2be logo from https://s3.eu-west-2.amazonaws.com/public-assets.my2be.com/logo-new.jpg
  • Grant type: Under Client acting on behalf of user, select both Authorization Code and Implicit (hybrid)
  • Sign-in redirect URIs: Remove the default localhost address and add https://{yourorg}.my2be.com/okta – where yourorg is your organization’s my2be slug
  • Sign-out redirect URIs: Remove any values from this section

Under Assignments > Controlled access, select how you would like your users to gain access to the my2be integration. If you are unsure, select Skip group assignment for now. Click Save.

Your Okta app is now created, but a few more minor changes are needed to ensure the best flow for your users. From the application screen (shown immediately after the previous step), click Edit next to General Settings.

Under the Application section, change the following:

  • Grant type: Ensure Authorization Code, Implicit (hybrid) and Allow Access Token with implicit grant type are all selected

Under the User consent section, change the following:

  • Terms of Service URI: https://app.my2be.com/tos
  • Privacy URI: https://app.my2be.com/privacy

Under the Login section, change the following:

  • Login initiated by: Either Okta or App
  • Application visibility: We recommend selecting both Display application icon to users and Display application icon in the Okta Mobile app
  • Initiate login URI: https://{yourorg}.my2be.com/okta/login – where yourorg is your organization’s my2be slug

Click Save to apply the changes.

Now that the app is set up, send the following details (all from the same Applications page) to your my2be Account Manager:

  • Client ID
  • Client Secret
  • Okta domain
  • App embed link
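
One way to verify the finished configuration before handing it over, as an added example that is not my2be's or Okta's own code: the function below compares an app's OIDC client settings with the values from the steps above. It assumes the field names of the settings.oauthClient object in Okta's Apps API; the acme slug and the sample JSON are constructed.

```python
import json

# Constructed sample: the settings.oauthClient object of an Okta OIDC app
# (field names assumed from Okta's Apps API), with the defaults left in place.
SAMPLE = json.loads("""{
  "application_type": "web",
  "grant_types": ["authorization_code", "implicit"],
  "redirect_uris": ["http://localhost:8080/authorization-code/callback",
                    "https://acme.my2be.com/okta"],
  "post_logout_redirect_uris": ["http://localhost:8080"],
  "initiate_login_uri": "https://acme.my2be.com/okta/login",
  "tos_uri": "https://app.my2be.com/tos",
  "policy_uri": "https://app.my2be.com/privacy"
}""")


def check_my2be_app(oauth_client, org_slug):
    """Return a list of deviations from the settings this guide specifies."""
    base = f"https://{org_slug}.my2be.com/okta"
    findings = []
    if oauth_client.get("application_type") != "web":
        findings.append("application type is not Web Application")
    grants = set(oauth_client.get("grant_types", []))
    missing = {"authorization_code", "implicit"} - grants
    if missing:
        findings.append("missing grant types: " + ", ".join(sorted(missing)))
    # The guide registers exactly one sign-in redirect URI; a leftover default
    # entry is one more address Okta will deliver authorization responses to.
    redirects = oauth_client.get("redirect_uris", [])
    if base not in redirects:
        findings.append(f"sign-in redirect URI {base} is not registered")
    for uri in redirects:
        if uri != base:
            findings.append(f"unexpected sign-in redirect URI: {uri}")
    for uri in oauth_client.get("post_logout_redirect_uris") or []:
        findings.append(f"sign-out redirect URI should be removed: {uri}")
    expected = {"initiate_login_uri": base + "/login",
                "tos_uri": "https://app.my2be.com/tos",
                "policy_uri": "https://app.my2be.com/privacy"}
    for key, want in expected.items():
        if oauth_client.get(key) != want:
            findings.append(f"{key} is {oauth_client.get(key)!r}, expected {want!r}")
    return findings


if __name__ == "__main__":
    for finding in check_my2be_app(SAMPLE, "acme"):
        print("FAIL:", finding)
```

An empty list means the app matches the guide; each entry names one setting to correct in General Settings.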

Identity Provider (IdP)-Initiated Authentication (SSO) Flow into my2be

When logged into Okta as a user that is assigned the my2be application, the my2be chiclet should be visible in the Applications dashboard (My Apps). Simply click this to log into my2be.

Service Provider (SP)-Initiated Authentication (SSO) Flow into my2be

From the my2be platform, if you are logged out, you can click the Login link, which will take you directly to Okta to sign in.

Known Issues/Troubleshooting

There are currently no known issues. If you have any issues or require help, please contact your my2be account manager or support@my2be.com.