Simplified PowerShell API Scripting with Action1

This Wednesday | 12 PM EST / 6 PM CET

Action1 5 Documentation 5 SSO Authentication with Okta

SSO Authentication with Okta

To provide easy and secure access to Action1 console, Action1 enables users to log in using SSO instead of providing traditional user credentials. This explains how to configure SSO with Okta as identity provider.

Configure Okta

Create App Integration

  1. Sign in to Okta console as administrator.
  2. Navigate to Applications and select Create App Integration.

 

Create app in Okta
  1. Set the sign-in method to OIDC – Open ID Connect and the application type to Web Application.

 

Configure app
  1. Proceed to the app’s General settings and complete the following fields:
    • Provide a name in the App integration name
    • As a grant type, select Client Credentials and Refresh Token.
    • Depending on your region, set the Sign-in redirect URIs to “https://app.action1.com/sso/login” (for North America) or “https://app.eu.action1.com/sso/login” (for Europe).
    • In Assignments, set Controlled access to  Skip group assignment for now, and Save.
Configuring Okta IDP

Configure App Integration

  1. Navigate to the app you created.
  2. On the General tab, select Client Credentials and Require PKCE as additional verification.
  3. Copy Client ID and Secret to use later in Action1 settings.
  4. On the Assignments tab, specify users who can log in to Action1 using Okta integration. Note that users must be already created in Okta.
  5. Navigate to Security | API and copy Issuer URI to use later in Action1 settings.
Get client credentials

Enabling SSO with Okta

If you chose to create an Action1 account while signing up and then decide to use Okta, you have to follow the below steps to make the switch.

  1. Login to Action1 using your Action1 credentials.
  2. Navigate to Advanced page and select Identity Provider.
  3. Specify Okta as identity provider. Keep the scope set to Enterprise.  With this setting changed, all new Action1 users will use Okta.
  4. Input Client ID, Client Secret, and Issuer URI of your Okta application (see previous step).
Configuring Okta IDP

Inviting Users to SSO with Okta

Note: Make sure these users already exist in Okta. If not, proceed to Okta to create users.

  1. Navigate to the Users page.
  2. Invite users – they will receive a login link to their email.

 

Migrating Existing Users to Okta SSO

Note: Make sure these users already exist in Okta. If not, proceed to Okta to create users.

Important: For the next steps, do not remove your last enterprise admin account, create a secondary enterprise admin or elevate another user to the enterprise admin role. Failure to do so could lead to admin account access being lost. Next steps will delete user accounts in order to switch to Okta, users will be unable to access Action1 until their user account migration is complete.

  1. Navigate to the Users page.
  2. Find the user account you want to switch to Okta and select Delete. Alternatively, set the user’s email to non-existant such as “[email protected]”. You might be unable to remove users that have roles assigned, make sure to revoke roles first.
  3. Invite the user again into Action1 by sending an invite again.