This article is aimed at OKTA administrators who need to understand the requirements for integrating a Cirkus private server with their SSO server.
Single sign-on (SSO) via OKTA lets you sign up and/or log in with your OKTA account to access the Cirkus applications on web, iOS, and Mac.
- If OKTA SSO is turned on, all of your existing Workspace members will need to log in with OKTA, and their accounts will be linked if they use the same email address in both systems.
- New users can sign up for Cirkus using the SSO OKTA link.
Cirkus SSO for OKTA is only available on Cirkus Private deployments.
If you are using both Cirkus Web and iOS/macOS apps, you will need to configure both web and native apps.
- OKTA configuration for Cirkus Web application
- OKTA configuration for Cirkus Native applications (mac desktop and iOS)
OKTA configuration for Cirkus Web application
Step 1: Follow these steps to add Cirkus to your Okta account for the first time.
- Log in to your organization's Okta Admin Dashboard (https://dev-xxxx-admin.okta.com/)
- From the Applications menu choose “Applications” and Create App Integration with the following settings:
a) OIDC - OpenID Connect & Single-Page Application should be selected.
b) Add the Cirkus logo (optional)
You can download the Cirkus logo from here: https://static.cirkus.com/email/[email protected]
Change https://yourcompany.cirkus.com to the URI provided by the Cirkus team.
c) Choose your preferred application assignment policy:
Retrieve the settings below and provide them to the Cirkus team:
- client_id
- domain
- Authorization server id (see https://developer.okta.com/docs/reference/api/oidc/#_2-okta-as-the-identity-platform-for-your-app-or-api)
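How the three values listed above fit together in an OIDC sign-in, as an added example that is not part of the original article or Cirkus's own code: it builds the Okta issuer URL and an Authorization Code + PKCE request from them, and rejects the `-admin` dashboard hostname, which is not the org domain. The `dev-000000` domain, the client ID, the `default` server id and the requested scopes are constructed placeholders, and the use of PKCE by the Cirkus web app is an assumption based on the Single-Page Application type.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode


def okta_issuer(domain, auth_server_id):
    """Issuer of an Okta custom authorization server: https://{domain}/oauth2/{id}."""
    host = domain.strip().rstrip("/")
    if host.startswith("https://"):
        host = host[len("https://"):]
    if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", host):
        raise ValueError("domain must be a bare hostname: %r" % domain)
    # The admin dashboard host (dev-xxxx-admin.okta.com) is not the org domain.
    if host.split(".")[0].endswith("-admin"):
        raise ValueError("remove '-admin' from the domain: %r" % domain)
    if not re.fullmatch(r"[A-Za-z0-9_-]+", auth_server_id):
        raise ValueError("unexpected authorization server id: %r" % auth_server_id)
    return "https://%s/oauth2/%s" % (host, auth_server_id)


def pkce_challenge(verifier):
    """S256 code challenge (RFC 7636): base64url(SHA-256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorize_url(issuer, client_id, redirect_uri, verifier, state, nonce):
    """Authorization Code + PKCE request a single-page app sends to Okta."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid profile email",     # assumed scopes
        "redirect_uri": redirect_uri,
        "state": state,                      # compared on return to stop CSRF
        "nonce": nonce,                      # must reappear in the ID token
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return issuer + "/v1/authorize?" + urlencode(params)


if __name__ == "__main__":
    # Constructed placeholder values, not real tenant data.
    issuer = okta_issuer("dev-000000.okta.com", "default")
    verifier = secrets.token_urlsafe(48)     # kept by the client until token exchange
    print(issuer + "/.well-known/openid-configuration")
    print(authorize_url(issuer, "0oaEXAMPLECLIENTID", "https://yourcompany.cirkus.com",
                        verifier, secrets.token_urlsafe(16), secrets.token_urlsafe(16)))
```

Fetching the printed discovery URL for your own tenant confirms that the domain and authorization server id are correct before you send them on.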
Step 2: Enable OKTA Log in with SSO on your server (via Cirkus Support)
- Send the domain, client_id, and authorisation server id to Cirkus Support securely; we will configure SSO on your private server.
- Generally, when SSO is configured it is the only authentication permitted, i.e. signing in or signing up with username and password is no longer allowed. If you require a different configuration, please let Cirkus Support know.
- If you already have signed up with username/password before enabling SSO, and you used the same email address as you have in OKTA, your accounts will be linked the first time you authenticate with OKTA.
- For Cirkus Mac and iOS apps, an updated application with this SSO config may be required on your provisioning service (App Store or proprietary service).
When OKTA is configured, the web sign-in page will look like this.
Clicking Continue with OKTA will open a web popup.
If Authentication is successful the user will be logged in or signed up in Cirkus.
If Authentication is not successful the user will be returned to the login page with an “authentication unsuccessful” message.
OKTA configuration for Cirkus Native applications (mac desktop and iOS)
Step 1: Set up in OKTA, and note configuration info to pass to Cirkus support
Follow these steps to add Cirkus Native apps to your Okta account for the first time.
1. Log in to your organization's Okta Admin Dashboard (https://yourdomain-admin.okta.com/)
2. From the Applications menu choose “Applications” and Create App Integration with the following settings:
3. On the next configuration page, choose the app name (+ custom logo optionally) and set the below Grant types.
You can download the Cirkus logo from here: https://static.cirkus.com/email/[email protected]
4. Leave the Sign-in and Sign-out settings as default and set Assignments per your choice/company policy.
Take note of the Sign-In redirect URI to pass to the Cirkus team later.
5. Once finished, on the final configuration page, take note of the Client ID to pass to the Cirkus team later.
The GENERAL SETTINGS/USER CONSENT/LOGIN section should look similar to the below:
6. Retrieve the settings below and provide them to the Cirkus team:
- Client ID
- domain
- Sign-In redirect URI