FORA users can configure a default identity provider to power SSO. This article details how to configure a FORA tenant to use Okta for authentication.
Supported Features
Service Provider Initiated Authentication - This flow occurs when a user attempts to log in to the application from FORA
Requirements
In order to configure login with SSO through Okta, you must:
Have access to an Okta tenant
Be an Okta administrator of that tenant
Have an active FORA user account
Configuration Steps
Navigate to your Okta tenant homepage (for example https://trial-7694437.okta.com/app/UserHome)
Click the “Admin” button at the top right-hand corner of the page. Log in using your admin credentials.
From the left-hand navigation panel, click “Applications” and then “Applications”
Click “Create App Integration” to start the app creation process
On the first modal, select “OIDC - OpenID Connect” and “Single-Page Application”
Enter an “App Integration Name” of FORA. No need to change the “Core grants” setting here.
For sign-in and sign-out redirect URIs, enter the following values:
Sign-in redirect URIs: https://app.fora.day/callback/okta
Sign-out redirect URIs: https://app.fora.day/logout
Under “Assignments”, choose one of the following options:
Select “Allow everyone in your organization to access” and “Enable immediate access with Federation Broker Mode”.
This allows any user to access the “FORA” Okta app. However, it does not give every user access to your FORA tenant; it only allows any user to use Okta within the FORA application.
You can also skip this for now and manually assign users to the FORA app later.
Use the “Skip group assignments for now” option.
You’ll then need to assign people or groups to your app after the app is created.
Click Save. After saving, click into the application you just created. Copy the “Client ID” from the Client Credentials section under the General tab. Provide this client ID securely to a member of the FORA team.
We will also require the Issuer URI for your authorization server. You can find this in the left-hand navigation panel by clicking Security and then API. Provide us with the information for your default authorization server that your primary FORA users already use for authentication.
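Before sending the Issuer URI, you can check it against the authorization server's OIDC discovery document. The following is an added example, not code from FORA or Okta: it assumes the app uses the authorization code flow with PKCE (the usual choice for a single-page application), and the tenant name and metadata shown are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

def discovery_url(issuer_uri):
    """Standard OIDC discovery location for an issuer."""
    return issuer_uri.rstrip("/") + "/.well-known/openid-configuration"

def check_issuer(issuer_uri, metadata):
    """Return a list of problems; an empty list means the issuer looks usable."""
    problems = []
    parts = urlsplit(issuer_uri)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer must be an https URL")
    if parts.query or parts.fragment:
        problems.append("issuer must not carry a query string or fragment")
    # The discovery document must name exactly the issuer it was fetched for;
    # a mismatch means the wrong authorization server URI was copied.
    if metadata.get("issuer") != issuer_uri:
        problems.append("metadata issuer does not match the Issuer URI")
    # Assumption: the single-page app uses authorization code with PKCE.
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code response type not advertised")
    if "S256" not in metadata.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(metadata.get(key, "")).scheme != "https":
            problems.append(key + " missing or not https")
    return problems

# Constructed sample: trimmed discovery document for a placeholder tenant.
SAMPLE_ISSUER = "https://example.okta.com/oauth2/default"
SAMPLE_METADATA = json.loads("""
{
  "issuer": "https://example.okta.com/oauth2/default",
  "authorization_endpoint": "https://example.okta.com/oauth2/default/v1/authorize",
  "token_endpoint": "https://example.okta.com/oauth2/default/v1/token",
  "jwks_uri": "https://example.okta.com/oauth2/default/v1/keys",
  "response_types_supported": ["code", "id_token"],
  "code_challenge_methods_supported": ["S256"]
}
""")

if __name__ == "__main__":
    print(discovery_url(SAMPLE_ISSUER))
    print(check_issuer(SAMPLE_ISSUER, SAMPLE_METADATA) or "issuer OK")
    # Org-level URL pasted instead of the authorization server's issuer:
    print(check_issuer("https://example.okta.com", SAMPLE_METADATA))
```

To run it against your own tenant, download the JSON from the URL that discovery_url() returns for your Issuer URI and pass the parsed document to check_issuer().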