Authenticating with Okta
Summary
This short series of steps enables Okta admins to connect their Okta instances to Eppo for single sign-on. Upon completion, your employees will be able to log in to Eppo with Okta by navigating to https://eppo.cloud and entering their email address. A video walkthrough of this same sequence is available here.
Steps
Part 1: In your Okta instance, set up a new application for Eppo.
- Log in to the Okta Admin dashboard.
- Navigate to Applications > Applications to set up a new integration.
- Click Create App Integration.
- Select OIDC - OpenID Connect as your Sign-in method and Web Application for your Application type. Hit Next.
- Name your new app Eppo.
- Replace the default Sign-in redirect URI with https://eppo.us.auth0.com/login/callback. It’s important that this URL is correct.
- Remove the default Sign-out redirect. It is not needed!
- Under Controlled access, select which members of your organization will have access to Eppo. Most often this is Allow everyone in your organization to access.
- Hit Save.
- Once the new application is saved, under General Settings hit Edit and uncheck the checkbox User consent. This makes login more fluid for your employees, who won’t be prompted with an additional step on each login to confirm that they’d like to log in with Okta.
- Hit Save.
- Note down the app’s Client ID, Client Secret, **and Okta Domain** for Part 2.
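One way to double-check the Part 1 settings before sharing them, as an added example that is not part of Eppo's or Okta's documentation: the function below inspects an app object in the JSON shape returned by Okta's Apps API for an OIDC app (`signOnMode` and the `settings.oauthClient` fields) and reports every deviation from the steps above. The function name and both sample apps are constructed for illustration.

```python
import json

# Redirect URI required by Part 1; compared as an exact string.
EXPECTED_REDIRECT = "https://eppo.us.auth0.com/login/callback"

def check_eppo_app(app):
    """Return findings for an Okta app object; an empty list matches Part 1."""
    findings = []
    oauth = app.get("settings", {}).get("oauthClient", {})
    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-in method is not OIDC - OpenID Connect")
    if oauth.get("application_type") != "web":
        findings.append("application type is not Web Application")
    # A trailing slash, http:// or a leftover default all fail the exact match.
    redirects = oauth.get("redirect_uris") or []
    if EXPECTED_REDIRECT not in redirects:
        findings.append("required sign-in redirect URI is missing")
    for uri in redirects:
        if uri != EXPECTED_REDIRECT:
            findings.append("unexpected sign-in redirect URI: " + uri)
    for uri in oauth.get("post_logout_redirect_uris") or []:
        findings.append("sign-out redirect should be removed: " + uri)
    if oauth.get("consent_method") == "REQUIRED":
        findings.append("User consent is still checked")
    return findings

# Constructed sample: every Part 1 step applied.
GOOD_APP = json.loads("""{
  "label": "Eppo", "signOnMode": "OPENID_CONNECT",
  "settings": {"oauthClient": {
    "application_type": "web", "consent_method": "TRUSTED",
    "redirect_uris": ["https://eppo.us.auth0.com/login/callback"],
    "post_logout_redirect_uris": []}}}""")

# Constructed sample: trailing slash on the redirect URI, sign-out redirect
# left in place, and User consent still checked.
BAD_APP = json.loads("""{
  "label": "Eppo", "signOnMode": "OPENID_CONNECT",
  "settings": {"oauthClient": {
    "application_type": "web", "consent_method": "REQUIRED",
    "redirect_uris": ["https://eppo.us.auth0.com/login/callback/"],
    "post_logout_redirect_uris": ["http://localhost:8080"]}}}""")

if __name__ == "__main__":
    for name, app in (("GOOD_APP", GOOD_APP), ("BAD_APP", BAD_APP)):
        print(name, check_eppo_app(app) or "OK")
```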
Part 2: Securely send over your new app’s information to the Eppo team.
- In a new tab open up One Time Secret (https://onetimesecret.com/). This will allow you to securely share your app’s sensitive details with the Eppo team via an encrypted link.
- In the first text box, paste in your app’s Client ID, Client Secret, **and Okta Domain**, each separated by a new line.
- Below, create a simple pass code for your secret.
- Below, select 1 Day as your Lifetime.
- Click Create a secret link.
- Once the link has been created, share the link along with the pass code with your Eppo team over Slack or email. The Eppo team will complete the configuration on our end and let you know your integration is ready.
Info: We currently do not support identity provider-initiated logins. Users must navigate to https://eppo.cloud to kick off the login process.