You can now use Okta to log in to Surfboard. To set this up, you need to configure some settings in your Okta dashboard.
SSO via Okta is only available with our Enterprise plan. Please contact your Customer Success Manager to find out more.
How to set up
Step 1: Create the App Integration
Login to your Okta account (you'll need admin access)
Navigate to Applications > Applications
Click 'Create App Integration'
Step 2: Specify ‘OIDC’ and ‘Web Application’
A modal will open entitled 'Create a new app integration'
Under 'Sign-in method', select 'OIDC - OpenID Connect'
Under 'Application type', select 'Web Application'
Click 'Next'
Step 3: Input the Surfboard sign-in redirect URL
Next, you'll be taken to the 'New Web App Integration' modal
Name the App integration, 'Surfboard', so you know what it is. You can download the Surfboard app icon from this link.
Under 'Sign-in redirect URLs', paste
https://surfboard.eu.auth0.com/login/callbackas a sign-in redirect URL so that Okta knows where to send users after they have authenticated. Every other default value can be left untouched.You also need to decide whether to assign the App to everyone, or only for selected groups. You can use whichever setting fits your Okta workflow best.
When you're done, hit Save.
Step 4: Send us the generated Client ID, Client Secret, and your Okta Domain
To finalise the connection, you'll need to supply our team with some details. Please send this to your Customer Success manager via a secure password manager or similar.
The details we need are:
Okta domain: You can copy this from the URL bar in your browser.
Client ID: This is specific to the Surfboard integration with your Okta instance.
Client Secret: This is specific to the Surfboard integration with your Okta instance.
Once all of these steps are complete, your Surfboard SSO via Okta connection will be ready to use.
How does it work?
When you open Surfboard and click “Log in with Okta”, our authentication provider (Auth0) will contact your Okta domain to check whether you’re logged in.
We’re able to do this securely behind the scenes because you’ve shared a client ID and client secret with us, and doing this behind the scenes means that if you’re already logged in to Okta then you’ll immediately enter into Surfboard.
If you’re not currently logged in to Okta, you’ll be redirected to your Okta domain and prompted to log in there. Once you’ve logged in successfully there, you’ll be redirected back to Surfboard.
FAQs
Do I still need to create users in Surfboard once I’ve assigned them the Surfboard application in Okta?
Yes. In order to specify the user’s role (Surfer and/or Manager) you need to create users in Surfboard as well as assigning them the application in Okta. To associate the Surfboard account and the Okta account, you need to set up the user in Surfboard with the same email address they have in Okta, and then click the button in Surfboard to send them an invitation email.
How do I migrate existing Surfboard accounts to use Okta authentication?
If you currently use Google or username and password to log into Surfboard but want to start logging in with Okta, reach out to your CSM. We will initiate an Okta migration process which will allow you to send new Surfboard invitation emails to existing users, which they can accept to associate their Surfboard accounts with their Okta accounts.
How can I get the Surfboard app to appear in users’ Okta dashboards?
Okta users can always get to the Surfboard login screen by visiting app.teamsurfboard.com, but if you want a Surfboard link to appear in their Okta dashboard you need to make sure the following settings are configured on the Surfboard app in Okta. These settings will only appear after the initial setup steps.
