How to configure Okta for SSO into Space Connect

This article will explain how to set up Okta to work with Space Connect

Okta provides two account types: Developer and Corporate. Corporate account requires Corporate email with its own corporate domain.  In this guide only Developer account creation is considered.

Space Connect needs three key pieces of information, these are:

  • Okta Domain
  • Okta ClientID
  • Okta API Token

    Step 1: Create Space Connect groups

    Space Connect uses groups to determine who can access the admin portal.  In an O365 environment this is covered with Active directory group.  In Okta these groups must also be created and populated with the correct members.

    Login to the Okta Developer console and create two groups from Directory > Groups:

      1. SpaceConnectCompanyWebAdmin
      2. SpaceConnectUserGroup

    Add the members to the groups as needed.  Only users in the "SpaceConnectCompanyWebAdmin" group will be able to access the admin portal for managing locations, levels, desks, etc.


     

    Step 2: Register Space Connect application

    Space Connect must be added to Okta as an application.  This then controls the various settings and connections. Within Okta navigate to "Applications" and then click on "Create App Integration"

     

    The new app must use the Sign on method of "OIDC - OpenID Connect" and the Application type of "Web Application".

    The following details must then be entered for the new application

      1. Application name: SpaceConnectOnline
      2. Grant Type:
        • Client Credentials
        • Authorization Code
        • Refresh Token
        • Implicit (Hybrid)
            • Sign-in redirect URIs:
            • Signout redirect URIs:

          Then click "Save".


          Step 3: Set API Scope

          Still in the application, go to the "Okta API Scopes" tab. 
          You will need to grant permission for "okta.users.read"* to allow Space Connect to read the list of users within Okta.

          * This is the only permission that needs to be granted.


           

          Step 4: Create API Token

          To generate the API token that must be provided to SpaceConnect, use the top navigation bar and navigate to Security > API.  From here, click on the tab for "Tokens" and then click on "Create Token". 

          Note: an API token can be created by any user who has access to OKTA console.  The above screenshot shows a Super Admin user however, it is not a requirement.

           

          In the dialog, enter the token name as "SpaceConnect" and then click "Create Token".  The dialog will then change to display a log string of letter and numbers.  Copy this and save it as this must be provided to Space Connect.


           

          Step 5: Provide details to Space Connect

          Once Okta has been configured and the application registered, the following key information must be provided to Space Connect:

          1. Okta domain
          2. Okta Client ID
          3. Okta Client Secret
          4. Okta API token

          When these have been registered with Space Connect, users will then be able to access the application at https://admin.spaceconnect.co and https://app.spaceconnect.co

          When users land on the Space Connect login page, they will enter their email address.  At this point they will then be directed to the Okta login page to enter their password.  Once entered, they will then be able to access the Space Connect application.