Okta Authentication

Okta Authentication for HYPR Control Center

If your HYPR Control Center users are part of your Okta organization, you can integrate the Control Center into your Okta single sign-on. This is a two-step process: first you add the Control Center app in Okta, then you configure it to use Okta SSO.

Adding the HYPR Control Center in Okta
Configuring the HYPR Control Center

Adding the HYPR Control Center in Okta

Go to the Applications page in your Okta Administrator Console and click Add Application.

On the Add Application page, click Create New App.

In the Create a New Application Integration window, create the integration using the following settings:

| Parameter | Value |
| --- | --- |
| Platform | Web |
| Sign on method | OpenID Connect |

On the Create OpenID Connect Integration page, use the following settings:

| Parameter | Description | Example |
| --- | --- | --- |
| Application name | A descriptive name for the integration | HYPR Control Center |
| Application logo | Upload the logo you want to use. The HYPR support team can send you a .PNG file upon request. | |
| Login redirect URIs | The full path to your HYPR Control Center instance | https://hypr.example.com/login/oauth2/code/controlCenterAdmin |

After you’ve created the connection, go to the General Settings tab and edit the default settings.

Change the General Settings as follows:

| Parameter | Setting |
| --- | --- |
| Allowed grant types | Implicit (Hybrid); Allow ID Token with implicit grant type |
| Login initiated by | Either Okta or App |
| Application visibility | Display application icon to users; Display application icon in the Okta Mobile app |
| Login flow | Redirect to app to initiate login (OIDC Compliant) |
| Initiate login URI | The login URI for your Control Center instance |

Below the General Settings section you’ll see the Client Credentials section. Make a note of the Client ID and Client secret since you’ll need those to configure the HYPR Server later.

After saving the configuration, go to the Assignments tab and assign the new application to your HYPR administrator users as necessary.

Configuring the HYPR Control Center

After you’ve added the HYPR Control Center as a new application in Okta, you need to configure it to use the appropriate Okta OAuth endpoints.

Log in to your HYPR Control Center and select IDP Settings from the Global Settings fly-out menu to display the OIDC Connection Settings page:

Set the required authorization URLs to the appropriate OAuth endpoints as shown in the table below. In each case, the base URL path is as follows:

https://<yourOktaDomain>/oauth2/default

| Parameter | Setting |
| --- | --- |
| OAuth URL | https://<yourOktaDomain>/oauth2/default/v1/authorize |
| Token URL | https://<yourOktaDomain>/oauth2/default/v1/token |
| UserInfo URL | https://<yourOktaDomain>/oauth2/default/v1/userinfo |
| JWKS URL | https://<yourOktaDomain>/oauth2/default/v1/keys |
| Client ID | Use the client ID assigned when you added the application to Okta |
| Client Secret | Use the client secret assigned when you added the application to Okta |
| HYPR URL | The relying party URL for your HYPR instance |
| User name claim attribute | preferred_username |
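
A check that the four endpoint URLs entered above agree with the metadata Okta publishes at https://<yourOktaDomain>/oauth2/default/.well-known/openid-configuration, added here as an example and not part of HYPR's or Okta's own material. The function name, the example.okta.com domain and the embedded discovery document are assumptions constructed for illustration; in practice you would load the real document from that URL.

```python
from urllib.parse import urlsplit

# Control Center field -> metadata key defined by OpenID Connect Discovery 1.0
FIELD_TO_METADATA = {
    "OAuth URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "UserInfo URL": "userinfo_endpoint",
    "JWKS URL": "jwks_uri",
}

def check_oidc_settings(settings, discovery):
    """Return one message per field that disagrees with the discovery document."""
    problems = []
    issuer_host = urlsplit(discovery["issuer"]).hostname
    for field, key in FIELD_TO_METADATA.items():
        entered = settings.get(field, "").strip()
        url = urlsplit(entered)
        if url.scheme != "https":
            problems.append(f"{field}: not an https URL")
        elif url.hostname != issuer_host:
            problems.append(f"{field}: host {url.hostname} is not issuer host {issuer_host}")
        elif entered.rstrip("/") != discovery[key].rstrip("/"):
            problems.append(f"{field}: expected {discovery[key]}")
    return problems

# Constructed sample: discovery metadata for the placeholder domain example.okta.com
BASE = "https://example.okta.com/oauth2/default"
SAMPLE_DISCOVERY = {
    "issuer": BASE,
    "authorization_endpoint": f"{BASE}/v1/authorize",
    "token_endpoint": f"{BASE}/v1/token",
    "userinfo_endpoint": f"{BASE}/v1/userinfo",
    "jwks_uri": f"{BASE}/v1/keys",
}

# Constructed sample: values as typed into the OIDC Connection Settings page
GOOD = {field: SAMPLE_DISCOVERY[key] for field, key in FIELD_TO_METADATA.items()}
BAD = dict(GOOD)
BAD["Token URL"] = "http://example.okta.com/oauth2/default/v1/token"        # wrong scheme
BAD["UserInfo URL"] = "https://exmaple.okta.com/oauth2/default/v1/userinfo"  # typo in host
BAD["JWKS URL"] = "https://example.okta.com/oauth2/v1/keys"                 # /default dropped

if __name__ == "__main__":
    for problem in check_oidc_settings(BAD, SAMPLE_DISCOVERY):
        print(problem)
```

A JWKS URL that omits /default points at a different authorization server's key set, so ID tokens issued under the base path on this page would not validate against it.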