The following steps will demonstrate how to set up an OIDC connection within Okta that leverages AuthID's biometric authentication platform. The steps to fully integrate authID are as follows:
- Create a new integration in the authID Identity Portal
- Configure authID as an identity provider within Okta
- Setup routing rules
- Add a custom application (optional)
Add Identity Provider
First, navigate to the Security > Identity Providers section of your dashboard and click the button labeled Add Identity Provider.
Select the tile marked OpenID Connect.
Specify a Name for the connection, and use the saved values from your AuthID integration to fill out the Client ID and the Client Secret fields.
Fill out the Endpoints section with the following values from the AuthID OIDC server:
Finally, specify your preferred Authentication Settings and then turn off JIT settings. Save to create the Identity Provider.
Once the identity provider has been created, you must ensure that at least one value from the Login redirect Urls parameter for your authID integration matches the Redirect URI. This value can be found by clicking on the identity provider in the list:
Add Groups (Optional)
For easier user management, you can assign users that login via OIDC to a specific group. To begin this process, navigate to the Directory > Groups section and click the Add Group button. Add a name and optional description to complete this step.
Open the settings for the Identity Provider you created earlier, and navigate down to the JIT Settings section. Change the Group Assignments dropdown to Assign to specific groups. Enter the name of your group and click Update Identity Provider. Any new users logging in using this identity provider will be assigned to the group you created.
Add Routing Rule
Routing rules are used to direct users to the preferred identity provider based on their conformance to the conditions you set forth. In this way, we can make a determination to send a subset of the user population through the OIDC identity provider we have created. To begin, navigate to the Security > Identity Providers section of your dashboard and select the Routing Rules tab. From here, click the Add Routing Rule button to open the modal for creating a rule.
You can configure the rule as you see fit, but ensure that the last section labeled Use this identity provider points to the identity provider created earlier. For example, this rule will route any users attempting to access the app integration you created previously with an @example.com email address to use the OIDC connection.
Create Okta application (Optional)
If you are deploying a custom application that uses Okta to handle authentication, follow this section to create an integration within your Okta instance. For other use cases, e.g. signing into the Okta app dashboard, this section is optional.
On your administrative dashboard, navigate to Applications > Applications and click the button labeled Create App Integration.
Since we are creating an OIDC connection, select OIDC - OpenID Connect as the Sign-in Method, and select Web application as the Application type.
Specify the name of your application and the redirect URIs that will be used to handle callbacks. These values should match the AuthID integration details you created earlier.
Finally, select the radio button to Allow everyone in your organization to access and save to create the integration.