Okta Single Sign-On (SSO)

Prerequisites

Manifest supports Single Sign-on (SSO) using Okta. To get started you need the following items:

• An Okta account with an active subscription
• The following role to the client Okta account: Administrator
• The following role to the Manifest application: System administrator

Adding the Manifest application to your Okta tenant

1. Go to okta-devok12.okta.com
2. Click on Sign-Up

3. Create a new account by entering the below information and then hitting REGISTER
   • Email address
   • Password (at least 8 characters)
   • First Name
   • Last Name

4. You will receive a verification email to the email address you indicated at sign up

5. Once you received that email – select the ACTIVATE button and you will be redirected to okta-devok12.okta.com/sigin/password-reset

6. Enter in a new password and confirm that password again

7. Once you are logged in:
   • Go to Applications
   • Create App Integration
   • Check off OIDC – Open ID Connect under Sign-in Method
   • Under Application click on Web Application and then hit NEXT

8. At that point a new window will open up to create a new Web Application
9. Remove the Sign Out redirect URI
10. Under the Sign-In redirect URIs – type the Manifest domain [Example: https://yourdomain.taqmanifest.com]
11. Append this URL with /done at the end [Example: https://yourdomain.taqmanifest.com/done]
12. Under assignments click the button “Allow everyone in your organization to access” and hit SAVE

13. You will be prompted with your Client Credentials
    • Client ID: [Client ID]
    • Client Secret: [Client Secret]
    • Okta Domain [Example: dev-75833616.okta.com]

14. Click “Create App Integration” on more time
15. Check off OIDC – Open ID Connect user Sign-In Method and then Native Application under Application Type and then hit NEXT

16. Sign-in and Sign-out Redirects URIs will fill automatically
17. Remove the Sign Out Redirect URI

18. Under assignments click the button “Allow everyone in your organization to access” and hit SAVE

19. You will be prompted with a few more Client Credentials:
    • Client ID: [Client ID iOS]
    • Redirect URI: [Redirect URI iOS]
      • Example: com.okta.dev-75833616:/callback

Configuring Manifest with your client Okta AD

1. Sign into the Manifest Client Portal
2. Select “Client Settings” and go to the Authentication Configurations tab
3. Select “+ OAUTH PROVIDER”

4. Enter in the following information that you gathered below into the Manifest application to your Okta AD tenant:
   • Client ID​
   • Client ID iOS
   • Client Secret​
   • Okta Domain
   • Redirect URI iOS

5. Select Update
6. Log out of Manifest
7. Log back into Manifest and you will be prompted to log into Okta

8. For subsequent logins you will just see the “Log In with OKTA” at the login page and upon accepting the EULA and hitting login with Okta you will login automatically.

How to Invite Users to Authenticate Using Okta

Once the administrator has set up the initial Okta configuration with the Manifest application you are now ready to invite users to authenticate as well. Below are instructions on how to add users to the Okta backend.

1. Go to okta-devok12.okta.com
2. Enter in your Username and Password and then the Sign In button
3. On the left hand navigation select Directory

4. Select People
5. Click on the + Add Person and when the model opens fill out the following fields​
   • First Name
   • Last Name
   • Primary Email
   • Select if the Password should be set by the User or the Admin
   • Click the “Send user activation email now”

6. Select Save or Save and Add Another User
7. Continue this action until all users are added