OIDC SSO with Okta
Set up SSO for your Ninox server (Private Cloud or On-Premises) using OIDC and a third-party app like Okta
SSO is an Enterprise feature available on request that requires a valid license purchased from Ninox or a certified partner.
We do not require you to use Okta to set up single sign-on with OIDC.
However, we chose Okta to demonstrate a potential OIDC setup with Ninox. Your setup may vary based on which third-party app you use.
Log in to Okta.
Click Applications in the left sidebar and select Applications (1) from the dropdown menu.
Click the Create App Integration (2) button.
In the Create a new app integration pop-up window, select OIDC - OpenID Connect (1) as Sign-in method and Web Application (2) as Application type.
Click the Next (3) button to proceed.
On the New Web App Integration page, in the General Settings section, fill in the fields listed below.
(1) App integration name: enter a name. In this example it's anastasiya oidc test.
(2) Sign-in redirect URIs: The URI is a combination of the protocol https://, your Ninox server domain name (in this example it's anastasiya.ninoxdb.de), and the path /ums/oidc/callback, resulting in something like https://anastasiya.ninoxdb.de/ums/oidc/callback. The domain name needs to be replaced with the domain name of your Ninox server.
(3) Sign-out redirect URIs: The URI is the domain name of your Ninox server. In this example it's https://anastasiya.ninoxdb.de.
Select the Skip group assignment for now (4) radio button for Controlled access in the Assignments section.
Click the Save (5) button to confirm. A new page opens and a success message appears at the top of the page.
Make sure people have access to Ninox, either as members (paid by the owner) or as contributors (paid by themselves). If users cannot log in to Ninox, they won't be able to log in to your Ninox server using SSO.
Follow the steps below to either assign individual users or whole groups to your OIDC integration.
On the new application page, click the Assignments (1) tab.
Click the Assign (2) dropdown button and choose between Assign to People (3) and Assign to Groups.
If you chose Assign to People: in the pop-up window, select a user from the list to assign that user individually to your app, then click Assign.
Enter the desired information in the pop-up window.
Click the Save and Go Back button to confirm.
Click the Done button to close the pop-up window.
If you chose Assign to Groups: in the pop-up window, select Everyone and click Assign.
Click the Done button to close the pop-up window.
On the new application page, click the General (1) tab.
Under Client Credentials, copy the Client ID (2) and Client secret (3).
Click the Sign On (1) tab.
Under OpenID Connect ID Token, copy the Issuer (2) and Audience (3).
Log in to your Ninox Private Cloud or Ninox On-Premises.
Click the gear icon in the top-right corner.
Select Server Administration from the dropdown menu. A new page opens.
Click the Configuration tab.
On the Server Configuration page, under Authentication Strategy, click the Open Id tab. Fill in the fields listed below, then click the Save and Restart (8) button.
(1) Discovery Url: The URI is a combination of the protocol https://, your Ninox server domain name (in this example it's anastasiya.ninoxdb.de), and the path /.well-known/openid-configuration, resulting in something like https://anastasiya.ninoxdb.de/.well-known/openid-configuration.
(2) Client Id: paste from Okta, refer to Retrieving OIDC credentials from Okta
(3) Client Secret: paste from Okta, refer to Retrieving OIDC credentials from Okta
(4) Redirect Uris (Comma separated): The URI is your Ninox server domain. In this example it's https://anastasiya.ninoxdb.de.
(5) Scopes: email, openid
(6) Session Duration (in days): 2
(7) AutoProvision Users: enable
Click the Save and Restart (8) button to confirm.
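A pre-flight check for the values entered above, as an added example that is not Ninox or Okta code: it rebuilds the URIs this page describes from the server domain and compares them with what was registered and with a discovery document. The function names, the placeholder domain ninox.example.com and the sample discovery document are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/ums/oidc/callback"                     # path from this page
DISCOVERY_SUFFIX = "/.well-known/openid-configuration"   # path from this page
REQUIRED_SCOPES = {"openid", "email"}                    # scopes from field (5)

def expected_uris(domain):
    """Build the three URIs this page describes from a bare server domain."""
    base = f"https://{domain}"
    return {"sign_in": base + CALLBACK_PATH, "sign_out": base,
            "discovery": base + DISCOVERY_SUFFIX}

def preflight(domain, registered_sign_in, discovery_url, doc):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    want = expected_uris(domain)
    # Identity providers normally compare redirect URIs as exact strings, so
    # http://, a trailing slash or a different host each break the redirect.
    if registered_sign_in != want["sign_in"]:
        problems.append("sign-in redirect URI should be " + want["sign_in"])
    url = urlsplit(discovery_url)
    if url.scheme != "https" or not url.path.endswith(DISCOVERY_SUFFIX):
        problems.append("discovery URL must be https and end with " + DISCOVERY_SUFFIX)
    # OpenID Connect Discovery: the issuer in the document must equal the
    # discovery URL with the well-known suffix removed.
    issuer = doc.get("issuer", "")
    if issuer.rstrip("/") + DISCOVERY_SUFFIX != discovery_url:
        problems.append(f"issuer {issuer!r} does not match the discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(key + " is missing or not https")
    # scopes_supported is optional in the spec; check it only when present.
    advertised = doc.get("scopes_supported")
    if advertised is not None and REQUIRED_SCOPES - set(advertised):
        missing = sorted(REQUIRED_SCOPES - set(advertised))
        problems.append("scopes not advertised: " + ", ".join(missing))
    return problems

# Constructed sample values: ninox.example.com is a placeholder domain and the
# document below is hand-written, not output from a real server.
SAMPLE_DOC = {
    "issuer": "https://ninox.example.com",
    "authorization_endpoint": "https://ninox.example.com/authorize",
    "token_endpoint": "https://ninox.example.com/token",
    "jwks_uri": "https://ninox.example.com/keys",
    "scopes_supported": ["openid", "email", "profile"],
}

if __name__ == "__main__":
    uris = expected_uris("ninox.example.com")
    print(preflight("ninox.example.com", uris["sign_in"], uris["discovery"], SAMPLE_DOC))
```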