This documentation serves as a comprehensive guide to facilitate the integration of Okta with the DataIntell application. By following the steps below, you’ll be able to establish a connection between the two applications.
Setting up the Okta Application
Setting up the Application
The application in Okta is the login portal that will be used to log in to the DataIntell application.
Navigate to your Okta Dashboard and create a new application.
In the Create a new app integration modal, select (1) OIDC - OpenID Connect, (2) Single-Page Application and then click on the (3) Next button.
In the following form, you will need to insert URIs for the redirection from Okta to DataIntell. Here are the two URIs you will need:
- Sign-in redirect URIs : This URI allows the DataIntell application to redirect users after login. Enter {DataIntellURI}/login in the text field, where {DataIntellURI} represents the URI used to access DataIntell in the browser. In this example, it will be http://localhost:3000/login.
- Sign-out redirect URIs : This URI allows the DataIntell application to redirect users after logout. Enter {DataIntellURI}/login in the text field, where {DataIntellURI} represents the URI used to access DataIntell in the browser. In this example, it will be http://localhost:3000/login.
In the New Single-Page App Integration form, fill in the (1) App Integration name, which can be any name, then fill in both the (2) Sign-in redirect URIs and (3) Sign-out redirect URIs with the information given above.
Scrolling down the form, select (1) Skip group assignment for now for the Controlled access and then click on the (2) Save button.
After creating the application, note down the Domain and Client ID. These values are required for the login configurations in DataIntell which will be covered in a later section.
Adding Users to the Application
Once the DataIntell application is set up in Okta, you can add users to it. Only these users will be able to connect to the DataIntell application using the Okta authentication.
In the (1) Assignments tab of the application, click on the (2) Assign button and then click on (3) Assign to People.
In the Assign Application to People modal, you can assign any users by clicking on the (1) Assign button in their rows. This will open a form for each user. You can fill in any information, then save and go back. Once the process is completed, click on the (2) Done button.
Setting up the API Token
Creating the API Token
The API token in Okta allows DataIntell to fetch the role and group information it requires for the user.
In this section, we will show you how to create an API token directly from the super administrator account. It is possible to create one for a read-only user, which will limit the scope of usage for the token. To learn how to do so, see the How to Setup the API Token for a Read-Only User section at the bottom of this page.
Navigate to your Okta Dashboard and create a new API token.
In the Create token modal, fill in the (1) name of the token, which can be any name, select (2) where the API calls need to originate from and then click on the (3) Create token button.
After creating the API token, note down the Token Value. This value is required for the login configurations in DataIntell which will be covered in a later section. Note that the Token Value will not be shown again after closing the modal, so it is a good idea to save it somewhere safe.
Setting up Roles & Groups
In DataIntell, roles and groups are integral components of user access management. While groups are user-created and optional, roles are essential for granting access to critical sections of DataIntell.
Roles to Establish within Okta
- dataintell_role_admin : The Administrator role grants comprehensive access, enabling users to configure vital aspects of the application.
- dataintell_role_project_manager : A role that allows the user to create, update or delete a project.
- dataintell_role_report_manager : A role that allows the user to create, update or delete a report.
- dataintell_role_archiware_archive : A role that allows the user to archive files or folders with Archiware P5. Requires the Archiware P5 plugin.
- dataintell_role_archiware_restore : A role that allows the user to restore files or folders from Archiware P5. Requires the Archiware P5 plugin.
- dataintell_role_soda_transfer : A role that allows the user to transfer files or folders with CloudSoda. Requires the CloudSoda plugin.
- dataintell_role_storage_manager_archive : A role that allows the user to archive files or folders with Quantum StorNext. Requires the Quantum Storage Manager plugin.
- dataintell_role_storage_manager_restore : A role that allows the user to restore files or folders with Quantum StorNext. Requires the Quantum Storage Manager plugin.
Example of Setting up Groups
- Group name in DataIntell : OnlyCloud
- Group name in Okta : dataintell_group_OnlyCloud
By establishing these roles and, optionally, configuring groups, administrators can effectively manage access control within DataIntell while integrating seamlessly with Okta.
In the Add group modal, fill in the (1) name, following the previously mentioned rules, the (2) description, which can be any description and then click on the (3) Save button. This example is for a role in DataIntell.
In the Add group modal, fill in the (1) name, following the previously mentioned rules, the (2) description, which can be any description and then click on the (3) Save button. This example is for a group in DataIntell.
Once the modal is closed, select the group you have created. In this example, it would be (1) dataintell_group_test.
Once the group page is open, click on the (1) Assign people button.
On the Assign people to group page, you can add any users by clicking on the (1) + sign in their rows and then click on the (2) Done button.
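A pre-flight check for the naming convention above, as an added example that is not part of the DataIntell documentation or product: it sorts each user's Okta group names into DataIntell roles and groups, flags names that look like DataIntell entries but match none of the listed roles or the dataintell_group_ prefix, and lists who holds the Administrator role. It assumes matching is exact and case-sensitive; the function names and sample users are hypothetical.

```python
ROLE_PREFIX = "dataintell_role_"
GROUP_PREFIX = "dataintell_group_"
# The eight role names listed on this page.
KNOWN_ROLES = {ROLE_PREFIX + r for r in (
    "admin", "project_manager", "report_manager",
    "archiware_archive", "archiware_restore", "soda_transfer",
    "storage_manager_archive", "storage_manager_restore")}


def classify(okta_groups):
    """Sort one user's Okta group names into roles, DataIntell groups and suspect names."""
    out = {"roles": [], "groups": [], "suspect": [], "ignored": []}
    for name in okta_groups:
        lowered = name.lower()
        if name in KNOWN_ROLES:
            out["roles"].append(name)
        elif name.startswith(GROUP_PREFIX) and len(name) > len(GROUP_PREFIX):
            out["groups"].append(name[len(GROUP_PREFIX):])  # name as shown in DataIntell
        elif lowered.startswith((ROLE_PREFIX, GROUP_PREFIX)):
            out["suspect"].append(name)  # typo, wrong case, or role not on the list
        else:
            out["ignored"].append(name)  # unrelated Okta group such as "Everyone"
    return out


def audit(assignments):
    """Return (admins, findings) for a mapping of user -> list of Okta group names."""
    admins, findings = [], []
    for user, names in sorted(assignments.items()):
        result = classify(names)
        if ROLE_PREFIX + "admin" in result["roles"]:
            admins.append(user)
        for bad in result["suspect"]:
            findings.append(f"{user}: '{bad}' matches no DataIntell role or group name")
        if not result["roles"] and not result["groups"]:
            findings.append(f"{user}: no DataIntell role or group assigned")
    return admins, findings


# Constructed sample data, not taken from a real Okta tenant.
SAMPLE = {
    "alice@example.com": ["Everyone", "dataintell_role_admin", "dataintell_group_OnlyCloud"],
    "bob@example.com": ["Everyone", "dataintell_role_report_manger"],
    "carol@example.com": ["Everyone", "Dataintell_group_OnlyCloud"],
}

if __name__ == "__main__":
    admins, findings = audit(SAMPLE)
    print("Administrators:", admins)
    for line in findings:
        print("CHECK:", line)
```

The group lists can be filled from an export of each user's Okta group memberships; reviewing the administrator list after every change keeps the dataintell_role_admin assignment limited to the people who need it.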
Setting up DataIntell to Use Okta
Setting up the Login Configurations
Configure DataIntell to use Okta for login.
Provide Required Values
Enter the following values in DataIntell’s login configuration:
- Client ID : Client ID from the application in Okta.
- Domain : Domain from the application in Okta.
- Redirect URI : {DataIntellURL}/login, where {DataIntellURL} is the URL to access DataIntell.
- API Token : Token Value copied from the application in Okta.
Test Configuration
Click on Update Configurations to test the provided values.
Save Changes and Sign Out
After successful testing, the new settings will be saved. Sign out to apply the changes and proceed to log in using Okta.
How to Setup the API Token for a Read-Only User
Setting up the API token as read-only is a good way to prevent the token from being used to make changes in the Okta platform. This will still allow DataIntell to read the users' groups.
To set up an API token for a read-only user, you must first create the read-only user and give it the Super Administrator role.
From the Okta Dashboard, click on (1) People, then click on (2) Add person to create your read-only user. Once completed, click on the person's username. In this example, it would be (3) Test Test.
In the next page, click on the (1) Admin roles tab and then click on the (2) Add individual admin privileges button.
In the Administrator assignment by admin page, select the (1) Super Administrator role and then click on the (2) Save Changes button.
Once this is done, sign in to the new account and create an API token. To do so, follow the steps in the Setting up the API Token section. When completed, sign back in to the main account and change the role of the read-only account to read-only.
In the Administrator assignment by admin page, click on the (1) trash icon button next to the Super Administrator role, click on the (2) + Add assignment button, select the (3) Read-only Administrator role and then click on the (4) Save Changes button.
If done correctly, the API Token should show that the role is Read Only Admin. If that is the case, the API token now allows read-only API calls.