How to configure Okta for SSO into Space Connect

This article explains how to set up Okta to work with Space Connect.

Okta provides two account types: Developer and Corporate. A Corporate account requires a corporate email address with its own corporate domain. This guide considers only Developer account creation.

Space Connect needs four key pieces of information:

  • Okta Domain
  • Okta Client ID
  • Okta Client Secret
  • Okta API Token

    Step 1: Create Space Connect Groups

    Space Connect uses groups to determine who can access the admin portal. In an O365 environment, this is covered by the Active Directory group. In Okta, these groups must also be created and populated with the correct members.

    Log in to the Okta Developer console and create two groups from Directory > Groups:

      1. SpaceConnectCompanyWebAdmin
      2. SpaceConnectUserGroup

    Add the members to the groups as needed.  Only users in the "SpaceConnectCompanyWebAdmin" group will be able to access the admin portal for managing locations, levels, desks, etc.


     

    Step 2: Register Space Connect Application

    Space Connect must be added to Okta as an application. The application then controls the various settings and connections. Within Okta, navigate to "Applications" and then click on "Create App Integration".

    The new app must use the Sign on method of "OIDC - OpenID Connect" and the Application type of "Web Application".

    The following details must then be entered for the new application:

      1. Application name: SpaceConnectOnline
      2. Grant Type:
        • Client Credentials
        • Authorization Code
        • Refresh Token
        • Implicit (Hybrid)
      3. Sign-in redirect URIs: (these are case sensitive)
      4. Sign-out redirect URIs: (these are case sensitive)
      5. Assignments - Controlled Access: Allow everyone in your organisation to access.

          Go to the applications page and select 'SpaceConnectOnline'.

          Scroll down to 'General settings' and click 'Edit'.

          Then make the following amendments:

            1. Login initiated by - Either Okta or App
            2. Login flow - Redirect to App to initiate login (OIDC Compliant)
            3. Initiate URI: https://app.spaceconnect.co

            Then click "Save".


              Step 3: Set API Scope

              Still in the application, go to the "Okta API Scopes" tab. 
              You will need to grant permission for "okta.users.read" and "okta.groups.read"* to allow Space Connect to read the list of users within Okta and see the access level of each user.

              * These are the only permissions that need to be granted.


               

              Step 4: Create API Token

              To generate the API token that must be provided to Space Connect, use the top navigation bar and navigate to Security > API. From here, click on the tab for "Tokens" and then click on "Create Token".

              Note: an API token can be created by any user who has access to the Okta console. The above screenshot shows a Super Admin user; however, it is not a requirement.

               

              In the dialog, enter the token name as "SpaceConnect" and then click "Create Token". The dialog will then change to display a long string of letters and numbers. Copy this and save it, as it must be provided to Space Connect.


               

              Step 5: Provide details to Space Connect

              Once Okta has been configured and the application registered, the following key information must be provided to Space Connect:

              1. Okta domain
              2. Okta Client ID
              3. Okta Client Secret
              4. Okta API token

              When these have been registered with Space Connect, users will be able to access the application at https://app.spaceconnect.co/admin and https://app.spaceconnect.co.

              When users land on the Space Connect login page, they will enter their email address.  At this point, they will then be directed to the Okta login page to enter their password. Once entered, they will then be able to access the Space Connect application.
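To confirm that the Okta side matches Steps 2 and 3 before handing the details over, the check below audits an exported app definition. It is an added example, not Space Connect or Okta code; it assumes the app object and its scope grants were exported as JSON from the Okta Apps API (the `settings.oauthClient` fields, and `scopeId`/`status` on each grant). The sample data and the redirect URI are constructed placeholders, because this guide does not list the real redirect URIs.

```python
# Expected values come from Steps 2 and 3 of this guide.
EXPECTED_GRANT_TYPES = {"client_credentials", "authorization_code", "refresh_token", "implicit"}
EXPECTED_SCOPES = {"okta.users.read", "okta.groups.read"}
EXPECTED_INITIATE_URI = "https://app.spaceconnect.co"

def audit_app(app, scope_grants, expected_redirects):
    """Return a list of findings; an empty list means the app matches the guide."""
    findings = []
    oauth = app.get("settings", {}).get("oauthClient", {})  # assumed export shape
    if oauth.get("application_type") != "web":
        findings.append("application type is not Web Application")
    grants = set(oauth.get("grant_types", []))
    findings += [f"missing grant type: {g}" for g in sorted(EXPECTED_GRANT_TYPES - grants)]
    findings += [f"unexpected grant type: {g}" for g in sorted(grants - EXPECTED_GRANT_TYPES)]
    if oauth.get("initiate_login_uri") != EXPECTED_INITIATE_URI:
        findings.append("initiate login URI differs from the guide")
    # Redirect URIs are case sensitive: report a case-only difference explicitly.
    configured = oauth.get("redirect_uris", [])
    for want in expected_redirects:
        if want in configured:
            continue
        near = [u for u in configured if u.lower() == want.lower()]
        findings.append(f"redirect URI case mismatch: {near[0]}" if near
                        else f"redirect URI not registered: {want}")
    # Step 3: the two read scopes are the only ones that should be granted.
    active = {g["scopeId"] for g in scope_grants if g.get("status") == "ACTIVE"}
    findings += [f"missing API scope: {s}" for s in sorted(EXPECTED_SCOPES - active)]
    findings += [f"excess API scope: {s}" for s in sorted(active - EXPECTED_SCOPES)]
    return findings

# Constructed sample export (not real tenant data); the redirect URI is a placeholder.
SAMPLE_APP = {"label": "SpaceConnectOnline", "settings": {"oauthClient": {
    "application_type": "web",
    "grant_types": ["authorization_code", "refresh_token", "implicit"],
    "initiate_login_uri": "https://app.spaceconnect.co",
    "redirect_uris": ["https://sso.example.invalid/signin-callback"]}}}
SAMPLE_GRANTS = [{"scopeId": "okta.users.read", "status": "ACTIVE"},
                 {"scopeId": "okta.groups.read", "status": "ACTIVE"},
                 {"scopeId": "okta.users.manage", "status": "ACTIVE"}]
EXPECTED_REDIRECTS = ["https://sso.example.invalid/Signin-Callback"]

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, SAMPLE_GRANTS, EXPECTED_REDIRECTS):
        print("FINDING:", finding)
```

Replace `EXPECTED_REDIRECTS` with the sign-in redirect URIs you were given for Step 2 before running it against a real export.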

               

              Please Note:

              Okta tokens expire after one month if they are not used. Each time a token is used, its expiration is extended by one month.

              If a token expires, do the following:

              1. The Okta organisation admin should go to the Okta Admin console and create a new API token.
              2. Provide Space Connect Support with the token so that Support can update the Okta organisation settings in the SC Admin Portal.