Spotlight can use SSO from your Okta instance. You just need to walk through a simple process to set this up.
Before you can start the setup, you’ll need your SSO configuration details from a member of the Spotlight team. These will include two URLs:
- The callback URL - used for setting Stax Spotlight up in Azure AD and telling it where to send the response. As an example here, we’ll use https://app.stax.io/auth/oidc/my-token-here/callback
- The trigger / initiation URL - As an example here, we’ll use https://app.stax.io/auth/oidc/my-token-here
Next, you’ll need access to the Okta console as someone with permissions to configure everything. Whilst logged into the console, you must then:
- Go to the “Applications” tab
- Click “Add Application”
- Hit “Create New App”
- Choose “Web” for the Platform, and “OpenID Connect” for the Sign on method
- For the Application name, enter “Stax Spotlight”
- In “Login redirect URIs”, add the Callback URL provided above, e.g. https://app.stax.io/auth/oidc/your-token-here/callback
- Save the connection
- On the next page, edit “General Settings”
- Change “Initiate login URI” to your trigger / initiation URL above, e.g. https://app.stax.io/auth/oidc/your-token-here
- Save the changes
- In the “Client Credentials” portion, capture the “Client ID” and “Client secret” values to send to us.
- From the “Sign on” panel, capture the Issuer value to send to us.
- Finally, ensure you configure who can use the app under the “Assignments” tab.
Now, once you have those values, please send us the "Client ID", "Client secret" and "Issuer" values so that we can then configure it from our side. Once set up, we’ll work with you to test that your SSO is correct and then enable it.
Please ensure users are added to the application once it is set up via Okta, otherwise no one will actually have permissions to log in to Stax Spotlight.
From then on, you can either directly hit your Trigger URL to log in or, alternatively, if you provide us an email domain, we will automatically trigger all logins for that domain to go via your connection. You can also configure Okta to provide one-button login into the application.
Enabling login from your Okta dashboard
If you wish to enable login from your Okta dashboard, so users can click a button there, there is optional extra configuration in Okta to do so.
First, go into your application settings in Okta, and find your Stax application. Under the "General" tab, find the "General Settings" section and click "Edit".
From there, ensure the following settings:
- Login initiated by: Either Okta or App
- Application Visibility: Your preference, but "Display application icon to users" will show it on the dashboard.
- Login flow: Redirect to app to initiate login (OIDC Compliant)
- Initiate login URI: Ideally already set earlier; use the value above, your Trigger URL. This is the URL without callback on the end of it.
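The following is an added example, not part of the Stax documentation: a small Python pre-flight check for the values used in the steps above, which catches the callback and trigger URLs being swapped between "Login redirect URIs" and "Initiate login URI" before they go into Okta. The function names and the issuer `https://example.okta.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values: the two URLs are the page's examples,
# the issuer is a made-up placeholder for an Okta org.
CALLBACK_URL = "https://app.stax.io/auth/oidc/my-token-here/callback"
TRIGGER_URL = "https://app.stax.io/auth/oidc/my-token-here"
ISSUER = "https://example.okta.com"


def check_sso_values(callback_url, trigger_url, issuer):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    named = (("callback URL", callback_url),
             ("trigger URL", trigger_url),
             ("issuer", issuer))
    for name, value in named:
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{name}: must be an absolute https URL")
        if parts.query or parts.fragment:
            problems.append(f"{name}: must not carry a query string or fragment")
    # The trigger URL is the callback URL without "/callback" on the end.
    if callback_url != trigger_url.rstrip("/") + "/callback":
        problems.append("callback URL is not the trigger URL plus /callback")
    if trigger_url.rstrip("/").endswith("/callback"):
        problems.append("trigger URL ends in /callback: the two look swapped")
    # Both URLs belong to the same application, so their hosts must match.
    if urlsplit(callback_url).netloc != urlsplit(trigger_url).netloc:
        problems.append("callback and trigger URLs point at different hosts")
    return problems


def discovery_url(issuer):
    """OIDC discovery document location for the captured Issuer value."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


if __name__ == "__main__":
    for problem in check_sso_values(CALLBACK_URL, TRIGGER_URL, ISSUER):
        print("FAIL:", problem)
    print("Discovery document:", discovery_url(ISSUER))
```

Opening the printed discovery URL in a browser should return a JSON document whose `issuer` field matches the Issuer value captured from the "Sign on" panel.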