SSO Integration
Okta
Overview

Okta (https://www.okta.com/) is a cloud-based identity and access management (IAM) platform that enables secure single sign-on (SSO) access to applications and services using one set of credentials.

Integration Guide

The goal of this document is to provide a comprehensive guide for successfully setting up and integrating Okta as an identity provider (IdP) for SHI One. If using Okta as an IdP is a requirement for your company to onboard with SHI One, please familiarize yourself with this documentation, confirm the requirements and permissions necessary, and then reach out to your AE or SHI representative to start the process.

Prerequisites

Required Access & Permissions

- Administrative access to the Okta tenant
- Ability to create new applications in Okta
- Ability to configure application settings and assignments

Steps

1. Log in to the Okta console as an admin user.
2. Enter the Admin Console of Okta.
3. Find the Applications menu and open it.
4. Click Create App Integration.
5. Select OIDC as the sign-in method.
6. Select Web Application as the application type.
7. In the new application setup, keep most settings at their defaults. Here is what needs to be changed:
   - Fill out App integration name with the desired name. It likely should be SHI One, especially if your company wants to leverage the application dashboard built into Okta for your users.
   - Enter https://login.shi.com/login/callback into the Sign-in redirect URIs field.
   - Sign-out redirect URIs can be blank (you can click the X next to the default to remove it).
   - Under Assignments, you will have to determine this setting based on your Okta setup and who needs access to SHI One. It can allow everyone in your Okta IdP access, or only certain groups of users, which you will have to set up and which is outside the scope of this document.
8. Click Save. Once you click Save, the application will be saved and you will be presented with more options.
9. Under General Settings, click Edit. You'll want to modify the Login initiated by field towards the bottom, in the Login section.
10. Update Login initiated by to "Either Okta or App" and update the Initiate login URI to https://one.shi.com/api/idpauthentication/idp-initiate?connection=companyname-sso

Note: You will need to provide what you put at the end of this URL to SHI. There can be no underscores, just your company name with -sso appended to it. For example: acmeco-sso

After saving, the settings should look like this (with acmeco-sso replaced with your company name or identifier).

Requesting from SHI

The items that you will need to provide to SHI to complete the integration are:

- The company name or identifier you entered for the Initiate login URI. Providing the whole URI is preferred so we can validate it.
- The Client ID of the application.
- The secret of the application. Note: The secret will need to be provided securely to SHI. Most likely, a link will be provided to upload a text file with this information.
- The Okta domain from the Admin Console (see additional screenshot). It will be in the mydomain.okta.com format.

Okta domain location

That should be all that is needed to complete the integration. Once this information is provided to SHI, we will complete the integration on our side and ask users to test.

At the current time SHI only supports IdP-initiated login, so if your organization is leveraging the Okta apps dashboard, be sure to add this app to it for your users. If not, users will need to use the Initiate login URI. It may be preferable for your organization to map an internal DNS entry to the Initiate login URI, but that is optional. We recommend having users log in via the Okta apps dashboard or having them bookmark the Initiate login URI.
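
The following check is an added example, not part of SHI's or Okta's own tooling: it validates the Initiate login URI and the Okta domain against the formats this guide describes before they are sent to SHI. The function name `check_handoff`, the allowed character set for the identifier, and the single-label `okta.com` pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Host and path are the ones given in the guide for the Initiate login URI.
INITIATE_HOST = "one.shi.com"
INITIATE_PATH = "/api/idpauthentication/idp-initiate"
# Assumption: the identifier is alphanumeric words joined by hyphens, ending in "-sso".
CONNECTION_RE = re.compile(r"[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*-sso")
# Assumption: one tenant label in front of okta.com, as in mydomain.okta.com.
OKTA_DOMAIN_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.okta\.com")


def check_handoff(initiate_uri, okta_domain):
    """Return a list of problems; an empty list means both values are well formed."""
    problems = []
    parts = urlsplit(initiate_uri)
    if parts.scheme != "https":
        problems.append("Initiate login URI must use https")
    if parts.hostname != INITIATE_HOST or parts.path != INITIATE_PATH:
        problems.append("Initiate login URI host or path differs from the guide")
    params = parse_qs(parts.query, keep_blank_values=True)
    values = params.get("connection", [])
    if set(params) != {"connection"} or len(values) != 1:
        problems.append("expected exactly one query parameter named connection")
    elif "_" in values[0]:
        problems.append("connection identifier must not contain underscores")
    elif not CONNECTION_RE.fullmatch(values[0]):
        problems.append("connection identifier should be the company name plus -sso")

    domain = okta_domain.strip().lower()
    if "/" in domain or ":" in domain:
        problems.append("Okta domain should be a bare hostname, not a URL")
    elif not OKTA_DOMAIN_RE.fullmatch(domain):
        problems.append("Okta domain should look like mydomain.okta.com")
    elif domain.split(".")[0].endswith("-admin"):
        # The admin console is served from <tenant>-admin.okta.com; the Okta
        # domain to hand over is the tenant hostname without that suffix.
        problems.append("Okta domain looks like the admin console hostname")
    return problems


if __name__ == "__main__":
    # Constructed sample values using the guide's acmeco example.
    uri = "https://" + INITIATE_HOST + INITIATE_PATH + "?connection=acmeco-sso"
    print(check_handoff(uri, "acmeco.okta.com") or "ok")
```

The client secret is deliberately not an input here; it should only travel through the secure upload link SHI provides.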