Okta Authentication

Okta Authentication for HYPR Control Center

If your HYPR Control Center users are part of your Okta organization, you can integrate the Control Center into your Okta single sign-on. This is a two-step process: first you add the Control Center app in Okta, then you configure it to use Okta SSO.

Adding the HYPR Control Center in Okta
Configuring the HYPR Control Center

Adding the HYPR Control Center in Okta

Go to the Applications page in your Okta Administrator Console and click Add Application.

On the Add Application page, click Create New App.

In the Create a New Application Integration window, create the integration using the following settings:

| Parameter | Value |
|---|---|
| Platform | Web |
| Sign on method | OpenID Connect |

On the Create OpenID Connect Integration page, use the following settings:

| Parameter | Description | Example |
|---|---|---|
| Application name | A descriptive name for the integration | HYPR Control Center |
| Application logo | Upload the logo you want to use. The HYPR support team can send you a .PNG file upon request. | |
| Login redirect URIs | The full path to your HYPR Control Center instance | https://hypr.example.com/login/oauth2/code/controlCenterAdmin |

After you’ve created the connection, go to the General Settings tab and edit the default settings.

Change the General Settings as follows:

| Parameter | Setting |
|---|---|
| Allowed grant types | Implicit (Hybrid); Allow ID Token with implicit grant type |
| Login initiated by | Either Okta or App |
| Application visibility | Display application icon to users; Display application icon in the Okta Mobile app |
| Login flow | Redirect to app to initiate login (OIDC Compliant) |
| Initiate login URI | The login URI for your Control Center instance |

Below the General Settings section you’ll see the Client Credentials section. Make a note of the Client ID and Client secret since you’ll need those to configure the HYPR Server later.

After saving the configuration, go to the Assignments tab and assign the new application to your HYPR administrator users as necessary.

Configuring the HYPR Control Center

After you’ve added the HYPR Control Center as a new application in Okta, you need to configure it to use the appropriate Okta OAuth endpoints.

Log in to your HYPR Control Center and select IDP Settings from the Global Settings fly-out menu to display the OIDC Connection Settings page.

Set the required authorization URLs to the appropriate OAuth endpoints as shown in the table below. In each case, the base URL path is as follows:

https://<yourOktaDomain>/oauth2/default

| Parameter | Setting |
|---|---|
| OAuth URL | https://<yourOktaDomain>/oauth2/default/v1/authorize |
| Token URL | https://<yourOktaDomain>/oauth2/default/v1/token |
| UserInfo URL | https://<yourOktaDomain>/oauth2/default/v1/userinfo |
| JWKS URL | https://<yourOktaDomain>/oauth2/default/v1/keys |
| Client ID | Use the client ID assigned when you added the application to Okta |
| Client Secret | Use the client secret assigned when you added the application to Okta |
| HYPR URL | The relying party URL for your HYPR instance |
| User name claim attribute | preferred_username |
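
The endpoint settings in the table above can be checked for consistency before you save them. The following Python is an added example, not HYPR or Okta code: it derives the four URLs from the base path and compares the entered values with an OpenID Connect discovery document (normally published at the base URL plus /.well-known/openid-configuration; a constructed sample is embedded here so the check runs offline). The function names and the dev-example.okta.com domain are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# HYPR setting name -> key in the discovery document (OIDC Discovery spec names).
FIELD_MAP = {
    "OAuth URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "UserInfo URL": "userinfo_endpoint",
    "JWKS URL": "jwks_uri",
}

def expected_endpoints(okta_domain):
    """Derive the four endpoint URLs from the base path given on this page."""
    base = f"https://{okta_domain}/oauth2/default"
    return {
        "OAuth URL": f"{base}/v1/authorize",
        "Token URL": f"{base}/v1/token",
        "UserInfo URL": f"{base}/v1/userinfo",
        "JWKS URL": f"{base}/v1/keys",
    }

def check_settings(okta_domain, settings, discovery):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    expected = expected_endpoints(okta_domain)
    for name, disc_key in FIELD_MAP.items():
        value = settings.get(name, "").strip()
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(f"{name}: not an https URL")
        if (parts.hostname or "") != okta_domain.lower():
            problems.append(f"{name}: host is not {okta_domain}")
        if value.rstrip("/") != expected[name]:
            problems.append(f"{name}: differs from the documented path")
        if value.rstrip("/") != discovery.get(disc_key, "").rstrip("/"):
            problems.append(f"{name}: differs from discovery '{disc_key}'")
    return problems

# Constructed sample data; dev-example.okta.com is a placeholder domain.
DOMAIN = "dev-example.okta.com"
DISCOVERY = {"issuer": f"https://{DOMAIN}/oauth2/default",
             **{FIELD_MAP[k]: v for k, v in expected_endpoints(DOMAIN).items()}}
GOOD = expected_endpoints(DOMAIN)
BAD = {**GOOD, "JWKS URL": "http://keys.example.net/oauth2/default/v1/keys"}

if __name__ == "__main__":
    for cfg in (GOOD, BAD):
        print(check_settings(DOMAIN, cfg, DISCOVERY))
```

A JWKS URL on a different host or over plain HTTP is the finding to treat most seriously, since that endpoint supplies the keys used to verify ID token signatures.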