MEET ACTION1 AT RSA CONFERENCE 2024

May 6 - 9 | San Francisco | Booth #5472

REGISTER FOR THE WEBINAR

Getting Started

Endpoints

Patch Management

Vulnerability Management

Software Deployment & IT Assets

Automation & Remote Desktop

Real-Time Reports & Alerts

Account Access & Management

Security Concerns

Need Help?

Action1 5 Documentation 5 SSO Authentication with Okta

SSO Authentication with Okta

To provide easy and secure access to Action1 console, Action1 enables users to log in using SSO instead of providing traditional user credentials. This explains how to configure SSO with Okta as identity provider.

Configure Okta

Create App Integration

  1. Sign in to Okta console as administrator.
  2. Navigate to Applications and select Create App Integration.

 

Create app in Okta
  1. Set the sign-in method to OIDC – Open ID Connect and the application type to Web Application.

 

Configure app
  1. Proceed to the app’s General settings and complete the following fields:
    • Provide a name in the App integration name
    • As a grant type, select Refresh Token. Authorization code is enabled by default.
    • Depending on your region, set the Sign-in redirect URIs to “https://app.action1.com/sso/login” (for North America) or “https://app.eu.action1.com/sso/login” (for Europe).
    • In Assignments, set Controlled access to  Skip group assignment for now, and Save.
Okta SSO

Configure App Integration

  1. Navigate to the app you created.
  2. On the General tab, select Require PKCE as additional verification.
  3. Copy Client ID and Secret to use later in Action1 settings.
  4. On the Assignments tab, specify users who can log in to Action1 using Okta integration. Note that users must be already created in Okta.
  5. Navigate to Security | API and copy Issuer URI to use later in Action1 settings. By default, the Issuer URI includes your Okta organization name (“https://${yourOktaOrg}”). 
Get client credentials

Enabling SSO with Okta

If you chose to create an Action1 account while signing up and then decide to use Okta, you have to follow the below steps to make the switch.

  1. Login to Action1 using your Action1 credentials.
  2. Navigate to Advanced page and select Identity Provider.
  3. Specify Okta as identity provider. Keep the scope set to Enterprise.  With this setting changed, all new Action1 users will use Okta.
  4. Input Client ID, Client Secret, and Issuer URI of your Okta application (see previous step).
Configuring Okta IDP

Inviting Users to SSO with Okta

Note: Make sure these users already exist in Okta. If not, proceed to Okta to create users.

  1. Navigate to the Users page.
  2. Invite users – they will receive a login link to their email.

 

Migrating Existing Users to Okta SSO

Note: Make sure these users already exist in Okta. If not, proceed to Okta to create users.

Important: For the next steps, do not remove your last enterprise admin account, create a secondary enterprise admin or elevate another user to the enterprise admin role. Failure to do so could lead to admin account access being lost. Next steps will delete user accounts in order to switch to Okta, users will be unable to access Action1 until their user account migration is complete.

  1. Navigate to the Users page.
  2. Find the user account you want to switch to Okta and select Delete. Alternatively, set the user’s email to non-existant such as “[email protected]”. You might be unable to remove users that have roles assigned, make sure to revoke roles first.
  3. Invite the user again into Action1 by sending an invite again.