
508. Integrate with Okta Single Sign-On (SSO)

Foretify Manager supports integrating with Okta SSO via OAuth2 for authenticating and authorizing users.

508.1 Configuration in Okta

Configure Foretify Manager as a single-page web application (SPA) in Okta. For detailed information, follow the instructions in the Okta Developer Documentation.

  1. Create a new App Integration, with Sign-In method set to OIDC - OpenID Connect and Application type set to Single-Page Application.

  2. Set these configurations:

     - Grant type: Check Authorization Code and Refresh Token
     - Sign-in redirect URIs: Set to Foretify Manager's /login/callback API (e.g. http://fmanager.me.com/login/callback)
     - Sign-out redirect URIs: Set to Foretify Manager's /logout API (e.g. http://fmanager.me.com/logout)
     - Initiate login URI: Set to Foretify Manager's /login API (e.g. http://fmanager.me.com/login)

  3. Assign users to the fmanager_user and/or fmanager_admin groups.

508.2 Configuration in Foretify Manager

Note

Foretify Manager must be configured to use SSL (HTTPS) before integrating with Okta. Follow "Secure and configure Foretify Manager" for instructions.

Configure Okta's settings in Foretify Manager by editing the application.properties file:

| Option name | Description |
| --- | --- |
| spring.security.oauth2.client.registration.okta.client-id | Client ID given by the Okta service |
| spring.security.oauth2.client.provider.okta.issuer-uri | URL for the Okta server OAuth2 base URL (configured as part of an Authorization Server) |
| spring.security.oauth2.client.provider.okta.authorization-uri | URL for the Okta server authorization |
| spring.security.oauth2.client.provider.okta.token-uri | URL for the Okta server token request |
| spring.security.oauth2.client.provider.okta.callback-uri | URL for Foretify Manager's callback API (see "Sign-in redirect URIs" above) |

For example:

application.properties file example
spring.security.oauth2.client.registration.okta.client-id=0011223344aabbcc
spring.security.oauth2.client.provider.okta.issuer-uri=https://dev-12345678.okta.com/oauth2/default
spring.security.oauth2.client.provider.okta.authorization-uri=https://dev-12345678.okta.com/oauth2/default/v1/authorize
spring.security.oauth2.client.provider.okta.token-uri=https://dev-12345678.okta.com/oauth2/default/v1/token
spring.security.oauth2.client.provider.okta.callback-uri=http://localhost:8080/login/callback
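
To sanity-check these five settings before restarting Foretify Manager, the following added example (not part of the Foretify documentation or product) parses application.properties text and reports missing keys, a non-HTTPS issuer, endpoints that do not belong to the issuer, and a callback that does not match /login/callback. The function names, the loopback exception for plain HTTP, and the rule that both endpoints sit under the issuer URI (as they do in the example above) are assumptions of this example.

```python
from urllib.parse import urlsplit

PREFIX = "spring.security.oauth2.client."
REQUIRED = [PREFIX + s for s in (
    "registration.okta.client-id", "provider.okta.issuer-uri",
    "provider.okta.authorization-uri", "provider.okta.token-uri",
    "provider.okta.callback-uri")]
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Sample input: the example values shown on this page.
SAMPLE = """\
spring.security.oauth2.client.registration.okta.client-id=0011223344aabbcc
spring.security.oauth2.client.provider.okta.issuer-uri=https://dev-12345678.okta.com/oauth2/default
spring.security.oauth2.client.provider.okta.authorization-uri=https://dev-12345678.okta.com/oauth2/default/v1/authorize
spring.security.oauth2.client.provider.okta.token-uri=https://dev-12345678.okta.com/oauth2/default/v1/token
spring.security.oauth2.client.provider.okta.callback-uri=http://localhost:8080/login/callback
"""

def parse_properties(text):
    """Parse simple key=value lines; skips blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_okta_settings(text):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    findings = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    if findings:
        return findings
    issuer, auth, token, callback = (props[k] for k in REQUIRED[1:])
    if urlsplit(issuer).scheme != "https":
        findings.append("issuer-uri must use https")
    # Assumption: both endpoints live under the issuer, as in the page's example.
    base = issuer.rstrip("/") + "/"
    for name, uri in (("authorization-uri", auth), ("token-uri", token)):
        if not uri.startswith(base):
            findings.append(f"{name} is not under issuer-uri")
    cb = urlsplit(callback)
    if cb.path != "/login/callback":
        findings.append("callback-uri path is not /login/callback")
    # Assumption: plain http is tolerated only on loopback (local testing).
    if cb.scheme != "https" and cb.hostname not in LOOPBACK:
        findings.append("callback-uri is plain http on a non-loopback host")
    return findings
```

The callback-uri value must also match the Sign-in redirect URI registered in Okta character for character; that comparison needs the Okta-side value and is outside what this check can see.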