Setup Okta SSO

Okta SSO Eligibility

SELECT's Okta SSO integration is an add-on feature. Please contact SELECT to determine your eligiblity and receive a quote.

Connecting Okta

To manage access and authentication to SELECT using your Okta account, please follow the steps below.

Step 1: Create App Integration

Launch the create app integration flow in the Okta console.

SELECT Okta integration setup step #1

Select OIDC for the sign-in method, and web application as the application type.

SELECT Okta integration setup step #2

On the next page, set the app name to SELECT. Check all the grant type boxes so that they match the screenshot below. Set the sign-in redirect URI to https://auth.select.dev/login/callback.

SELECT Okta integration setup step #3

On the next page, scroll to ‘General Settings’ and click ‘Edit’. Under ‘Login’, set the ‘Login initiated by’ dropdown to ‘Either Okta or app’. Under ‘Application visibility’, check the box next to ‘Display application icon to users’. You can find your ORGANIZATION_ID value from the user pane on the bottom left corner of the app.

Find your organization ID SELECT

Set the Initiate Login URI value to https://select.dev/api/auth/login?organization=ORGANIZATION_ID, replacing ORGANIZATION_ID with the value you have.

SELECT Okta integration setup step #4

Set Federation Broker Mode to Disabled to ensure that the app tile shows up for users. Add the required assignments under the ‘Assignments’ tab at the top of the page.

SELECT Okta integration setup step #5

Step 2: Send information to SELECT team

Once complete, let the SELECT team ([email protected]) know the following values:

  • Client ID and secret for the newly created application integration
SELECT Okta integration setup step #6
  • The Okta domain. This is usually the domain found by clicking your email address in the top right, as shown in the below screenshot. If you've configured the app to use a custom domain, however, please specify that instead.
SELECT Okta integration setup step #7

Mapping SSO Groups to Roles in SELECT

Through the User Roles & Permissions in SELECT, users can enable fine-grained access control in SELECT.

Rather than manually assigning each user a role in SELECT, you can configure roles to be automatically assigned based on the user's Okta SSO group.

To do this, the SELECT integration you set up in Okta needs to be configured to pass your employee's Okta groups to SELECT. Follow the steps below to add the necessary group claims.

  1. In Okta, click Applications in the sidebar
  2. Click the SELECT app
  1. Click the Sign On tab
  1. Scroll down to OpenID Connect ID Token section and click Edit.
  1. Set the Group claims type to Filter
  2. Set Groups claim filter to groups (which is pre-filled) and for pattern pick matches regex and enter .* if you want to send along all the groups. If you want to restrict the groups that are made available to select choose another option. You can learn more about the Groups Claim here.
  3. Click Save
  1. Log in / out of SELECT, and validate that the SSO groups are being exposed to SELECT by checking the user's roles
SELECT User Sidebar Roles
  1. Head back to our Roles documentation and add the group mappings in SELECT.