Okta single-sign-on for Ortto

There are two main components to configuring Okta single-sign-on for Ortto:

  1. Add Ortto in Okta

  2. Configure Okta in Ortto.

Add and configure the Ortto app in Okta

  1. Ensure you are signed in to Okta with your administrator account and that you are viewing your Okta admin Dashboard.

  2. Access the Applications page and click the Browse App Catalog button.

  3. Search for ortto and choose the appropriate option from the drop-down list.

  4. On the Ortto page, click Add.

  5. Follow the remaining pages to configure the Ortto app in Okta.

  6. Once the Ortto app is configured, make note of the following details, which will need to be configured in Ortto:

    • Client ID,

    • Client secret, and

    • Okta domain.

      You can collect all three items from the Sign On tab of the Ortto app (the Okta domain can be found via the OpenID Provider Metadata). Or, copy the Okta domain from the user menu (hover over the domain name to access a copy to clipboard function).

      okta integration

  7. Ensure you have a user account configured in your Okta account (the Directory  People page) that matches your user account configured through Ortto’s User management page.

  8. When viewing this user’s profile in Okta, ensure the Applications tab is shown and click the Assign Applications button to begin assigning the Ortto app to this Okta user account.

Configure the Okta connection

After adding and configuring the Ortto app in Okta, follow these steps to activate Okta SSO in Ortto.

  1. In Ortto, at Settings  Privacy security & GDPR  App authentication, select Okta Single-Sign-On enforced (requires additional setup in OKTA).

  2. Click the Save button at the end of the page and in the resulting Provide Okta details dialog, specify the Okta domain, Client ID, and Client secret details you noted above.

  3. Click Submit.

  4. Sign out and then sign in to Ortto via the Okta button on the sign-in page.

  • To allow additional Ortto user accounts to sign in to Ortto, ensure that:

    • these users have corresponding user accounts (i.e. with matching email addresses) configured in your Okta domain first, and

    • the Ortto app has also been assigned to these users in Okta.

  • The permission assigned to a user account in Ortto is independent of the permissions assigned to its corresponding user account in Okta. The Ortto user account’s permission determine what that user has access to in Ortto.

  • If you add new user accounts in Ortto (after having configured corresponding user accounts in Okta), then these users will receive an email invitation to either sign up or sign in to Ortto via Okta.