Okta SSO

c/side allows you to create an Okta OIDC application and use it to authenticate users into your c/side organization.

When you enable Okta SSO, anyone with your company email domain will be forwarded to authenticate with Okta. This means you can use Okta to scope who can access c/side, and when you allow someone, they will automatically be added to your c/side organization with no permissions.

Requirements:

  • c/side Enterprise plan
  • An already setup c/side organization - the initial admin (you) will be the first user, and will be converted to SSO upon migration.
  • Admin access to your Okta account

Create an Okta OIDC Application

  1. Go to your Okta Admin console. Head into the Applications > Applications tab.
  2. Click on the "Create App Integration" button.
  3. Select "OIDC" for Sign-in method.
  4. Select "Web Application" for Application type.
  5. Click Next.

Create OIDC Application

Configure Okta OIDC Application

Now we will configure this application to be compatible with c/side.

  1. Enter the name of the application as "c/side"
  2. Check the box "Client Credentials" under "Grant Type"
  3. For Sign-in redirect URI, enter https://cside.dev/auth/callback/okta
  4. Clear the Sign-out redirect URI

Configure OIDC Application

Want to add the c/side logo to this application?

Here's the logo ready-to-go in a format Okta supports:

  1. For assignments, this is largely down to your companies posture on who should have access to c/side. For the sake of this example, we will allow anyone in the organization to access. Please think carefully before selecting this option.

Configure OIDC Application 2

Obtain relevant details

For a c/side representative to be able to bind your Okta instance to your c/side organization, they need the following pieces of information, some of which we created above.

  1. Client ID (e.g. 0oa1a2b3c4d5e6f7g8h9i)
  2. Client Secret (e.g. 0a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u)
  3. Issuer (Okta Domain, e.g. https://dev-123456.okta.com or like https://id.cside.dev if you are using a custom domain)
  4. Your companies email domain (this will be used to detect when to use SSO on c/side sign in), and must match the users in your Okta instance.

Relevant Details

Share with your c/side representative

Once you have these details, share them with your c/side representative. They will be able to bind your Okta instance to your c/side organization.

Then, the next time you log in, you will be redirected to Okta to authenticate!

Previous

Server side prefixing

Next

How does the script work?

On this page

Create an Okta OIDC ApplicationConfigure Okta OIDC ApplicationObtain relevant detailsShare with your c/side representative