Okta SSO

cside allows you to create an Okta OIDC application and use it to authenticate users into your cside organization.

When you enable Okta SSO, anyone with your company email domain will be forwarded to authenticate with Okta. This means you can use Okta to scope who can access cside, and when you allow someone, they will automatically be added to your cside organization with no permissions.

Requirements:

  • cside Enterprise plan
  • An already setup cside organization - the initial admin (you) will be the first user, and will be converted to SSO upon migration.
  • Admin access to your Okta account

Create an Okta OIDC Application

  1. Go to your Okta Admin console. Head into the Applications > Applications tab.
  2. Click on the "Create App Integration" button.
  3. Select "OIDC" for Sign-in method.
  4. Select "Web Application" for Application type.
  5. Click Next.

Create OIDC Application

Configure Okta OIDC Application

Now we will configure this application to be compatible with cside.

  1. Enter the name of the application as "cside"
  2. Check the box "Client Credentials" under "Grant Type"
  3. For Sign-in redirect URI, enter https://dash.cside.com/auth/callback/okta
  4. Clear the Sign-out redirect URI

Configure OIDC Application

Want to add the cside logo to this application?

Here's the logo ready-to-go in a format Okta supports:

  1. For assignments, this is largely down to your companies posture on who should have access to cside. For the sake of this example, we will allow anyone in the organization to access. Please think carefully before selecting this option.

Configure OIDC Application 2

Obtain relevant details

For a cside representative to be able to bind your Okta instance to your cside organization, they need the following pieces of information, some of which we created above.

  1. Client ID (e.g. 0oa1a2b3c4d5e6f7g8h9i)
  2. Client Secret (e.g. 0a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u)
  3. Issuer (Okta Domain, e.g. https://dev-123456.okta.com or like https://id.cside.dev if you are using a custom domain)
  4. Your companies email domain (this will be used to detect when to use SSO on cside sign in), and must match the users in your Okta instance.

Relevant Details

Share with your cside representative

Once you have these details, share them with your cside representative. They will be able to bind your Okta instance to your cside organization.

Then, the next time you log in, you will be redirected to Okta to authenticate!

Previous

Unmanaged setup

Next

Duo SSO

On this page

Create an Okta OIDC ApplicationConfigure Okta OIDC ApplicationObtain relevant detailsShare with your cside representative