Deepfactor integrates with Okta so you can manage access to the Deepfactor portal through Okta. Follow the steps below to configure authorization for Deepfactor using the Okta Single Sign-On flow:
- Log in to your Okta admin portal. Navigate to Applications from the left sidebar and click on ‘Create App Integration’.
- Fill in the app details. Use the following values for the sign-in and sign-out redirect URIs:
  - Sign-in redirect URIs: https://{deepfactor-portal-hostname}/okta/authorization-code/callback
  - Sign-out redirect URIs: https://{deepfactor-portal-hostname}
- Once you create the app, you will get the Client ID and Client secret. Copy these details as you will need to enter these in the Deepfactor portal.
- Add users to this newly created application so they can log in to Deepfactor.
- Log in to the Deepfactor portal. Navigate to Integrations → Identity Provider. Click on Configure Okta and enter the details obtained from the previous steps.
You can select the default team and default role when configuring the Okta integration. Users who log in via Okta are automatically assigned to the specified team with the specified role if the df_access claim is not present in the Okta token received by Deepfactor. You can also configure team memberships and roles from Okta by following the instructions provided in the following document.
Configure team memberships and roles from idp
The Okta issuer URI depends on your Okta account:

| API access management | Auth server | URL |
| --- | --- | --- |
| Disabled | NA | https://<okta_domain>/oauth2 |
| Enabled | default | https://<okta_domain>/oauth2/default |
| Enabled | Custom | https://<okta_domain>/oauth2/<authorization_server_id> |
Once you fill in the form and confirm, you will be able to see the configuration details as shown below. In the example below, we have configured the default team as ‘Devops Team’ and the default role as ‘developer’, so every user that logs in via Okta will have the developer role within the Devops Team if the df_access claim is not sent in the Okta token received by Deepfactor.
- Once Okta is integrated, you will see the button to sign in with Okta on the Deepfactor portal login screen. You can click on this button and log in to the Deepfactor portal using your Okta sign-on.
If login is failing, you can log in to the Deepfactor portal with your email and password, provided password authentication is not disabled, and verify that the details provided in the Configure Okta screen are correct.
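One way to check those details before re-entering them, as an added example that is not part of Deepfactor's or Okta's tooling: the Python functions below compare an issuer URI against the three forms in the table above and compare the redirect URIs registered in Okta against the values given in the steps. The function names and the sample hostnames used with them are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Sign-in redirect path taken from the steps on this page.
CALLBACK_PATH = "/okta/authorization-code/callback"


def classify_issuer(issuer):
    """Return (auth_server_kind, problems) for an Okta issuer URI."""
    issuer = issuer.strip()
    parts = urlsplit(issuer)
    host = parts.hostname or ""
    problems = []
    if parts.scheme != "https":
        problems.append("issuer must use https")
    if not host:
        problems.append("issuer has no hostname")
    if "-admin." in host:
        # The admin console lives on <org>-admin.<domain>; the issuer does not.
        problems.append("hostname is the Okta admin console domain; drop '-admin'")
    if parts.query or parts.fragment:
        problems.append("issuer must not carry a query string or fragment")
    if issuer.endswith("/"):
        problems.append("trailing slash does not match the forms in the table")
    segments = [s for s in parts.path.split("/") if s]
    if segments == ["oauth2"]:
        kind = "API access management disabled"
    elif segments == ["oauth2", "default"]:
        kind = "default authorization server"
    elif len(segments) == 2 and segments[0] == "oauth2":
        kind = "custom authorization server"
    else:
        kind = None
        problems.append(
            "path must be /oauth2, /oauth2/default or /oauth2/<authorization_server_id>")
    return kind, problems


def check_redirects(portal_hostname, sign_in, sign_out):
    """Compare the redirect URIs registered in Okta with the values from the steps."""
    problems = []
    if sign_in != f"https://{portal_hostname}{CALLBACK_PATH}":
        problems.append("sign-in redirect URI differs from the documented callback")
    if sign_out != f"https://{portal_hostname}":
        problems.append("sign-out redirect URI differs from the portal root")
    return problems
```

An empty problem list means the value has the documented shape; it does not confirm that the Client ID and Client secret are correct.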
Disable password authentication
Once you have successfully integrated Okta with Deepfactor, you can disable password authentication to ensure every user logs into Deepfactor via Okta. Please ensure the integration is working properly by logging into Deepfactor via Okta before disabling password authentication to avoid getting locked out of your Deepfactor account.