Okta Authentication
Okta Authentication for HYPR Control Center
If your HYPR Control Center users are part of your Okta organization, you can integrate the Control Center into your Okta single sign-on. This is a two step-process: first you add the Control Center app in Okta, then you configure it to use Okta SSO.
Adding the HYPR Control Center in Okta
Configuring the HYPR Control Center
Adding the HYPR Control Center in Okta
Go to the Applications page in your Okta Administrator Console and click Add Application.
On the Add Application page, click Create New App.
In the Create a New Application Integration window, create the integration using the following settings:
| Parameter | Value |
|---|---|
| Platform | Web |
| Sign on method | OpenID Connect |
On the Create OpenID Connect Integration page, use the following settings:
| Parameter | Description | Example |
|---|---|---|
| Application name | A descriptive name for the integration | HYPR Control Center |
| Application logo | Upload the logo you want to use. The HYPR support team can send you a .PNG file upon request. | |
| Login redirect URIs | The full path to your HYPR Control Center instance | https://hypr.example.com/login/oauth2/ code/controlCenterAdmin |
After you’ve created the connection, go to the General Settings tab and edit the default settings.
Change the General Settings as follows:
| Parameter | Setting |
|---|---|
| Allowed grant types | Implicit (Hybrid) Allow ID Token with implicit grant type |
| Login initiated by | Either Okta or App |
| Application visibility | Display application icon to users Display application icon in the Okta Mobile app |
| Login flow | Redirect to app to initiate login (OIDC Compliant) |
| Initiate login URI | The login URI for your Control Center instance |
Below the General Settings section you’ll see the Client Credentials section. Make a note of the Client ID and Client secret since you’ll need those to configure the HYPR Server later.
After saving the configuration, go to the Assignments tab and assign the new application to your HYPR administrator users as necessary.
Configuring the HYPR Control Center
After you’ve added the HYPR Control Center as a new application in Okta, you need to configure it to use the appropriate Okta OAuth endpoints.
Log into your HYPR Control Center and select IDP Settings from the Global Settings fly-out menu to display the OIDC Connection Settings page:
Set the required authorization URLs to the appropriate OAuth endpoints as shown in the table below. In each case, the base URL path is as follows:
https://<yourOktaDomain>/oauth2/default
| Parameter | Setting |
|---|---|
| OAuth URL | https://<yourOktaDomain>/oauth2/default/v1/authorize |
| Token URL | https://<yourOktaDomain>/oauth2/default/v1/token |
| UserInfo URL | https://<yourOktaDomain>/oauth2/default/v1/userinfo |
| JWKS URL | https://<yourOktaDomain>/oauth2/default/v1/keys |
| Client ID | Use the client ID assigned when you added the application to Okta |
| Client Secret | Use the client secret assigned when you added the application to Okta |
| HYPR URL | The relying party URL for your HYPR instance |
| User name claim attribute | preferred_username |
Updated almost 2 years ago