This section includes instructions on how to register ZEN Master as an SSO app on Okta and configure the connection between ZEN Master and Okta. To complete this process, you need to log in as an Admin on both the Okta side and the ZEN Master side. It is, therefore, recommended to have both open in parallel.

To set up ZEN Master Okta SSO:

  1. On the Okta home page, click Applications.

  2. Click Add Application.

    The Add Application screen opens.

  3. Click Create New App.

    The Create a New Application Integration window opens.

  4. In the Platform field, select Web (default).
    In the Sign on method field, select OpenID Connect.
    Click Create.

    The Create OpenID Connect Integration screen opens.

  5. In the Application name field, enter a name for the SSO app. This name will not be shared and is used for administration purposes only. For example, "ZEN Master".

  6. In the Application logo field, you can optionally choose a logo by clicking Browse files, and following the prompts.

  7. In the ZEN Master UI, go to Account Management > Single Sign-On.

  8. Click +Add.

    The Create New Single Sign-On screen opens.

  9. Copy the Callback URL to your clipboard.

  10. In Okta, on the Create OpenID Connect Integration screen, paste the Callback URL in the Login Redirect URIs field, and click Save.

    The application is created, and the Settings screen for the application opens.

  11. Click on the Assignments tab.

  12. Click Assign, and then select either Assign to People or Assign to Groups (depending on how you want to assign access to this App).

  13. In the Assign window that opens, select each user or group that you want to grant access to, by clicking Assign.

  14. Each time that you assign the App to an individual user, a window opens specific to that user, enabling you to optionally modify that user’s profile information.
    Click Save and Go Back.

    The user is assigned to the App.

  15. Click Done.

  16. Click on the General tab, and scroll down to the Client Credentials section.
    The Client Credentials can be found at the bottom of the page. You will need the Client ID and Client secret from that section to continue the setup process in ZEN Master.

  17. Click the Client ID copy button.

  18. In ZEN Master, paste the Client ID in the Client ID field.

  19. Back in Okta, copy the Client secret, and paste it in the Client Secret field in ZEN Master.

  20. In ZEN Master, in the Name field, enter a name for this SSO connection, for example Okta SSO. This is the name that will be displayed on the Okta button in the ZEN Master Sign In portal.

  21. In the Authorization URL field, enter your unique authorization URL. For example, https://{yourOktaOrg}.okta.com/oauth2/v1/authorize. For more information about Okta Authorization Servers, see Authorization Servers.

  22. In the Token URL field, enter your unique token URL. For example, https://{yourOktaOrg}.okta.com/oauth2/v1/token. For more information about Okta Authorization Servers, see Authorization Servers.

  23. If you want to manually register Okta users to ZEN Master before granting access (see the Pre-registering Users in ZEN Master for Okta section), select the Allow pre-registered users only checkbox. The registration is simple and only involves entering the user's email.

  24. In ZEN Master, click Save.
    The newly created Okta SSO is added to the list of SSO profiles. The users assigned in Okta will be able to connect to ZEN Master by selecting the newly created SSO option under Sign In With. During the first connection, you may be required to grant permission to connect through Okta to ZEN Master. As an administrator, you can select the Consent on behalf of your organization option, so that the other users are not asked for additional consent.

    However, if you have selected the Allow pre-registered users only option, you will need to manually pre-register the users by following the instructions below.
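
The values copied between Okta and ZEN Master in steps 9 to 22 can be checked for consistency before you click Save. The following is an added example, not part of the ZEN Master or Okta documentation: `check_sso_settings` and every sample host, path and credential in it are constructed, and it also accepts the `/oauth2/<serverId>/v1/...` form used by Okta custom authorization servers, which goes beyond the org-level URLs shown in steps 21 and 22.

```python
import re
from urllib.parse import urlsplit

# /oauth2/v1/<ep> is the org-level form shown on this page;
# /oauth2/<serverId>/v1/<ep> is the custom authorization server form.
_PATH = re.compile(r"^/oauth2/(?:(?P<server>[^/]+)/)?v1/(?P<ep>authorize|token)$")

def _endpoint(url, expected_ep, problems):
    """Return (host, server_id) for a recognisable endpoint URL, else None."""
    if "{" in url or "}" in url:
        problems.append(f"{expected_ep}: placeholder left in URL")
        return None
    parts = urlsplit(url.strip())
    m = _PATH.match(parts.path)
    if parts.scheme != "https":
        problems.append(f"{expected_ep}: must use https")
    if not m or m.group("ep") != expected_ep:
        problems.append(f"{expected_ep}: path is not an Okta /v1/{expected_ep} endpoint")
        return None
    return parts.hostname, m.group("server")

def check_sso_settings(authorization_url, token_url, callback_url,
                       okta_redirect_uris, client_id, client_secret):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    auth = _endpoint(authorization_url, "authorize", problems)
    tok = _endpoint(token_url, "token", problems)
    if auth and tok:
        if auth[0] != tok[0]:
            problems.append("authorize and token URLs point at different hosts")
        if auth[1] != tok[1]:
            problems.append("authorize and token URLs use different authorization servers")
    if urlsplit(callback_url).scheme != "https":
        problems.append("callback: must use https")
    if callback_url not in okta_redirect_uris:  # exact string comparison
        problems.append("callback: not listed in Okta Login redirect URIs")
    for name, value in (("client_id", client_id), ("client_secret", client_secret)):
        if not value or value != value.strip():
            problems.append(f"{name}: empty or has stray whitespace from copy/paste")
    return problems

if __name__ == "__main__":
    # Constructed sample values (not real hosts or credentials): mixed servers,
    # trailing-slash mismatch on the callback, trailing space in the secret.
    org = "https://example-org.okta.com/oauth2"
    cb = "https://zen.example.invalid/sso/callback"
    for p in check_sso_settings(org + "/v1/authorize", org + "/default/v1/token",
                                cb, [cb + "/"], "0oaEXAMPLEclientid", "secret "):
        print("PROBLEM:", p)
```

Keep the client secret out of shell history and shared scripts when running a check like this; pass it from a secrets store or an interactive prompt.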