Setup Okta as Identity Provider
In Okta you can choose to authenticate using SAML or OIDC. There is no difference between those options in Salted CX. You can choose the one that you prefer.
After you set up the application, you have to assign it to users and choose permissions for them. See for details.
Authentication via SAML
Add Salted CX as a SAML application to Okta
- In Salted CX Settings, go to Single Sign On → SAML page and copy the SSO URL and the Audience URI.
- In your Okta instance, go to Okta Admin console → Applications → Applications → Create App Integration.
- Select SAML 2.0.
- Fill in the app name and check Do not display application icon to users.
- Fill the Single sign-on URL and Audience URI fields with the values from step one.
- Set up the following required Attribute Statements:

  | Name | Name format | Value |
  | --- | --- | --- |
  | email | Basic | user.email |
  | name | Basic | ${user.firstName} {user.lastName} |
  | cxsaltedpermissions | Basic | Value depending on what permissions you want to give the users by default. |

  Note: To learn more about how permissions work, read the Permissions docs.
- Click Next and Finish to create the application.
- Copy the Metadata URL found in the Sign On tab of the Okta application you just created.
- Go back to the Single Sign On page in Salted CX settings and paste in the Metadata URL.
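The following added example (not part of the Salted CX or Okta documentation) checks a decoded SAML assertion from a test sign-in against the settings above: the Audience URI, the SSO URL as Recipient, and the three required attributes with the Basic name format. It is a configuration check only and does not verify the assertion's signature. The function name, the sample assertion and its URLs are constructed placeholders; use the SSO URL and Audience URI copied from Salted CX in their place.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"  # Okta's "Basic" name format
REQUIRED = ("email", "name", "cxsaltedpermissions")  # names from the Attribute Statements step

# Constructed, trimmed sample: "name" uses the wrong name format and
# "cxsaltedpermissions" is empty, so both are reported.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://sso.example.invalid/acs"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>urn:example:audience</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue>jane@example.invalid</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="cxsaltedpermissions" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml:AttributeValue></saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, sso_url, audience_uri):
    """Return a list of configuration problems in a decoded assertion (empty list = OK)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations are not expected in a SAML assertion"]
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audience_uri not in audiences:
        problems.append(f"Audience {audiences} does not contain {audience_uri}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if sso_url not in recipients:
        problems.append(f"Recipient {recipients} does not contain {sso_url}")
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED:
        attr = attrs.get(name)
        if attr is None:
            problems.append(f"missing attribute: {name}")
            continue
        if attr.get("NameFormat") != BASIC:
            problems.append(f"{name}: NameFormat is {attr.get('NameFormat')}, expected Basic")
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        if not any(values):
            problems.append(f"{name}: empty value")
    return problems
```

Calling check_assertion(SAMPLE, "https://sso.example.invalid/acs", "urn:example:audience") returns two problems, one for the name format of "name" and one for the empty "cxsaltedpermissions" value.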
Create a Bookmark App to show Salted CX in Okta Dashboard
Currently, we do not support identity provider initiated authentication flow. If you want to display a Salted CX app tile to your users in Okta dashboard or in the Okta Browser Plugin, you can create a Bookmark App.
- Go to Okta Admin console → Applications → Applications → Browse App Catalog.
- Search for Bookmark App.
- Fill the application label and the URL of your Salted CX instance, for example https://company.us.salted.cx.
Authentication via OpenID Connect — OIDC
Add Salted CX as an OIDC application to Okta
- In Salted CX Settings, go to the Single Sign On → OIDC page and copy the Redirect URI.
- Go to Okta Admin console → Applications → Applications → Create App Integration.
- Select OIDC - OpenID Connect → Web Application.
- Pick and fill in the app name (e.g. Salted CX, but you can choose whatever name you like) and check the Authorization Code and Refresh Token grant types.
- Add the URL from step one to Sign-in redirect URIs. Leave Sign-out redirect URIs empty.
- Select Skip group assignment for now and Save.
- After the app is created, copy the Client ID and Client secret and paste them into the Salted CX OIDC settings page.
Add cxsaltedpermissions attribute to Salted CX OIDC app
- In Okta Admin console, go to Directory → Profile Editor and find the Salted CX OIDC app you created in the previous section.
- Click on the app to open its Profile Editor and click on the Add attribute button.
- Fill in the following values and save:
  - Data type: string
  - Display name: Salted CX Permissions
  - Variable name: cxsaltedpermissions
  - Attribute required: yes
  - User permissions: Read Only
Assign Salted CX app to a user or a group
- In Okta Admin console, go to Applications → Applications.
- Click on the Salted CX app to open its details page.
- Select the Assignments tab.
- Click on the Assign button and select the user or group you want to assign the app to.
- Click Assign.
- Fill in the cxsaltedpermissions attribute based on the permissions you want to grant the user or the group.