Single Sign-on using OKTA

To use Single Sign-On (SSO) authentication via OKTA for RoboHelp Server, configure the OKTA settings in the SSO section of the Configuration Manager. The description of the required fields are as follows:

OKTA Base URL

The domain of your organization's OKTA server authentication; For example, https://{yourOktaDomain}.

In the URL, replace {yourOktaDomain} with your organization’s base URL.

OKTA allows you to create multiple Custom Authorization Servers within a single Okta org that you can use to protect your own resource servers. Within each authorization server, you can define your own custom OAuth 2.0 scopes, claims, and access policies to support authorization for your APIs.

OKTA Issuer: The URL to an Okta Authorization Server; for example, the default authorization server address is https://{yourOktaDomain}/oauth2/default.

Redirect URI Pathname: The redirect URI pathname specifies the location where OKTA returns a browser after the user finishes authenticating with their Identity Provider. The redirect URL is fixed, based on the context name, which is always "<context-name>/admin/index.html".; Note that this redirect URL, https://<server-name>:<port-number>/<contextname>/admin/index.html needs to be added in the redirect paths of the OKTA application being used for authentication.

Response Type: The Response Type determines which flow is used. The token (required) and id_token (optional) are currently supported for verification of authentication. For example, if you wish to use token and id_token, then this field should be specified as token, id_token.
ClientID: The ClientID of the OKTA application is used for authentication.

Scope: The scope of the OKTA parameters, determine the claims that are returned in the id_token. This includes the scopes that you want to request authorization for and separate each by a space. You can request any of the standard scopes, such as email, profile and openid.