
SSO Integration: OIDC

For organizations that want seamless identity and access management, Nexla supports any OpenID Connect- or SAML-based single sign-on (SSO) client, such as Okta, Auth0, OneLogin, ID Anywhere, and Microsoft Active Directory.

This guide covers setting up account management for your Nexla organization using an Okta OpenID Connect SSO application.

Step 1: Configuring Okta

The following steps can only be done by an Okta Account Administrator for your Okta organization:

  1. Log in to your Okta account. Go to the Applications menu and click the Create App Integration button. This will launch a popup form.


  2. In the form, choose OIDC - OpenID Connect as the Sign-on Method and Single Page Application as the Application Type. Then click Next.


  3. You will be redirected to the application details page. Enter the following details in this page:

    1. App Integration Name: Pick any name you wish to assign.
    2. Grant type: Leave this as the default, Authorization Code.
    3. Sign-in redirect URIs: Set this to <your-nexla-ui-url>/sso. Usually, this will be https://dataops.nexla.io/sso.
    4. Sign-out redirect URIs: Set this to <your-nexla-ui-url>. Usually, this will be https://dataops.nexla.io.


  4. Click on Save, and that's it! You've now created an Okta application that can be used for managing access to Nexla. In the next few steps, we'll note down the configuration information needed by Nexla.

  5. From the General settings tab of the created application, note down:

    • Client ID
    • Okta Domain


  6. Finally, we'll make a note of the Authorization Server that should be used. Go to the Security >> API menu. Usually there is only one default entry there, pointing to Okta's default Authorization Server, but you can choose to control Nexla authorization via any Authorization Server. Note down the following from this page:

    • Audience
    • Issuer URI


That's all we need to do on the Okta UI. Next, we will configure Nexla.

Step 2: Configuring Nexla

This step will be handled by the Nexla support team. Send an email to support@nexla.com or contact your Nexla Account Manager with the details you noted down in the previous step:

  1. Okta Application Client ID
  2. Okta Application Domain
  3. Authorization Server Audience
  4. Authorization Server URI
  5. Should Nexla auto-create accounts for users when they log in through Okta? Usually you want to leave this as Yes so that Nexla user creation is managed automatically through Okta.
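
Before sending these values, it is worth checking them against the Authorization Server's discovery document, since a mistyped Issuer URI or redirect URI only shows up later as a failed login. The following is an added example, not Nexla's or Okta's own code: the `preflight` helper, the dictionary key names and all sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit
# Constructed sample values (not from a real Okta tenant or from Nexla).
SAMPLE_CFG = {
    "client_id": "0oaEXAMPLECLIENTID",
    "okta_domain": "example.okta.com",
    "audience": "api://default",
    "issuer": "https://example.okta.com/oauth2/default",
    "sign_in_redirect": "https://dataops.nexla.io/sso",
    "sign_out_redirect": "https://dataops.nexla.io",
}
# Constructed subset of <issuer>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = {
    "issuer": "https://example.okta.com/oauth2/default",
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "code_challenge_methods_supported": ["S256"],
}

def preflight(cfg, discovery):
    """Return a list of problems in the values noted in Step 1 (hypothetical helper)."""
    problems = []
    issuer = urlsplit(cfg["issuer"])
    if issuer.scheme != "https":
        problems.append("issuer must be an https URL")
    # Assumption: no custom domain, so the issuer lives on the Okta domain.
    if issuer.hostname != cfg["okta_domain"].lower():
        problems.append("issuer host differs from the Okta domain")
    # OIDC Discovery requires an exact match; a trailing slash breaks validation.
    if discovery.get("issuer") != cfg["issuer"]:
        problems.append("issuer does not exactly match the discovery document")
    if "authorization_code" not in discovery.get("grant_types_supported", []):
        problems.append("authorization_code grant is not offered")
    # Assumption: an SPA has no client secret, so the code flow relies on PKCE.
    if "S256" not in discovery.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 is not advertised")
    sign_in = urlsplit(cfg["sign_in_redirect"])
    sign_out = urlsplit(cfg["sign_out_redirect"])
    if sign_in.scheme != "https" or sign_in.path != "/sso":
        problems.append("sign-in redirect must be https://<nexla-ui>/sso")
    if "*" in cfg["sign_in_redirect"] or sign_in.query or sign_in.fragment:
        problems.append("sign-in redirect must be an exact URI")
    if (sign_out.scheme, sign_out.netloc) != (sign_in.scheme, sign_in.netloc):
        problems.append("sign-out redirect is on a different origin")
    for key in ("client_id", "audience"):
        if cfg[key] != cfg[key].strip() or not cfg[key]:
            problems.append(f"{key} is empty or has stray whitespace")
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_CFG, SAMPLE_DISCOVERY) or "all checks passed")
```

To check real values, replace the two sample dictionaries with the values you noted and the JSON served at your Issuer URI's `/.well-known/openid-configuration` path.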

Once Nexla has been configured for this new Okta SSO integration, your organization members can use the Login with SSO button on the Nexla UI to access their Nexla account after the Okta SSO handshake.