The Okta plugin allows Countly to bypass its regular authentication procedures and use the Okta user credentials of the organization instead. The Okta Integration plugin is available in the Enterprise Edition v20.04 and above.
The Okta plugin is available only in the Enterprise Edition.
What is Okta?
Okta Identity Cloud provides secure identity management with Single Sign-On, Multi-factor Authentication. Okta's Universal Directory allows you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems.
Setting Up The Okta Integration
Enable the Okta plugin
First and foremost, enable the Okta plugin: go to Management > Plugins in the top-right corner and click on the enable toggle button for Okta. If you do not have access to these settings, please contact your account admin.
The user of the organization needs to use the same Countly login credentials as their organization’s Okta authentication account.
Steps in your Okta dev console
Note: These steps have been taken from Okta’s documentation. As they may update their product and documentation, please visit the Okta App Registration page for complete details.
You can either use an existing OpenID Connect app or create one.
1. In the Okta dev console, click the Applications tab and then Create New Application.
2. Fill the Application Settings fields like app name and Countly domain for your organization redirect URLs (e.g. https://countly.yourdomain.com/okta/login-callback for login and https://countly.yourdomain.com for logout).
And that is all! Now you can continue the setup on Countly and easily finalize the Okta integration.
Installing the Okta plugin in Countly
Create and enable a config.js file from sample.config.js:
If your server is Countly-hosted, please contact Support and provide us with the information listed below.
module.exports = {
orgUrl: 'https://dev-623170.okta.com',
clientId: '0oa16eh84vg4cHHSb4x7',
clientSecret: 'wgyItX95EjtusUoccVhtLY2t8OvvicrVt5CHHE6v',
apiToken: '00mmBkLFJhOiGcOsLaf--DuezUGdo_0j8abT4OO2yx',
globalAdminGroup: 'countly-global-admin',
baseUrl: 'https://foysal.count.ly',
};
orgUrl: can be found in the top right section of the Okta dashboard
clientId and clientSecret fields can be found in the Okta dashboard, under the Applications tab.
apiToken: create API token on Okta
globalAdminGroup: group name, which will be the global admin of Countly and which needs these group permissions to access the user management and create groups inside Countly.
baseUrl: Countly domain for your organization.
Using Okta in Countly
1. Go to Management > Users in the top-right corner.
2. Choose a user who is a member of the group which has been set up as a Global Admin Group and who can manage the Users section and create Groups. The group name of Okta and the group name of Countly should be the same.
3. The Okta plugin does not have user-level permissions; instead, it has group-level permissions. The members of the Okta groups should match those of Countly groups for the members of the Okta group to access the Countly Dashboard. Permissions will depend on the group permission setup inside Countly to manage the Groups or Users sections. Assign users to the groups in Okta in order to match between Countly groups and Okta groups.
If you are unable to see the option of Okta integration on your Countly account, it is possible that it is not part of your package. Please reach out to your account manager or the support team to add this. If it is included in your package but you are unable to see the option, please reach out to our support team who will help you set it up.