How do I use Okta to login to Cirro?

  1. Supported features

    Cirro Okta integration enables customers to log in to Cirro using Okta as a single sign-on (SSO) provider via the SP-initiated SSO flow.

  2. Prerequisites

    • Your organization uses Okta and has an active Okta account.

    • You have the necessary admin permissions in Okta to install and configure applications.

  3. Configuration steps

    • Add our app

      Follow these instructions in order to install our app:
      https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Apps_Page.htm

      Important! During the installation process, you will need to fill in the "Customer Name" field, which is a required installation attribute for our app. You can find this field under the "General" tab of the app configuration. It must be populated with your tenant identifier, a unique value we'll provide to you in advance.

      • The identifier is a critical part of the configuration and will be used as an integration variable to create a unique redirect URL for your organization (e.g., if identifier is 'best_company', then redirect URL will be https://example.io/auth/okta_best_company/callback).
      • The identifier should be entered as it is provided to you, in lowercase, using snake_case formatting for multiple words (e.g., 'best_company').

      If you have not received your tenant identifier in a prior communication with us, please reach out to us at [email protected] before beginning the installation process. Our team will provide this value to you after verifying your request.
      For more details on integration variables, refer to the Okta documentation here: https://developer.okta.com/docs/guides/submit-oin-app/-/main/#integration-variables

    • Send the Authentication Information to Cirro

      1. Open the Cirro app in your Okta admin console.

      2. Navigate to the Sign On tab.

      3. Copy the following values:

        • Client ID
        • Client Secret

      4. Copy your okta organization URL that Cirro is going to use in order to authenticate your users. It is the URL that you access the organization with:
        https://developer.okta.com/docs/guides/find-your-domain/findorg/

    • Send email with the collected information

      After you have the Client ID, Client Secret, and the Okta Organization URL, please send an email to your Cirro point of contact or to [email protected] with this information.

      To ensure the security of the Client Secret, please use an encrypted email service or a secure file-sharing tool to share it. Please notify us if you need assistance setting up a secure method to share the Client Secret.

      Example:

      Client ID: 2ac7d9c15f17dc1a17cf4
      Client Secret: [Provide securely]
      Okta organization URL: dev-company.okta.com
      Username Email Domain: company.com - domain used by users to login to Cirro

      We will review the information and confirm once the integration is set up and ready for testing.

  4. SP-Initiated SSO Flow

    Cirro supports SP-initiated SSO for login. This means users start the login process from Cirro's login page and are redirected to Okta for authentication. Once authenticated, they are redirected back to Cirro and granted access.

    Login Steps:

    1. Navigate to your organization's specific Cirro login page (provided after the integration setup).

    2. Click the "Okta" button.

    3. Enter your Okta credentials if prompted.

    4. Upon successful authentication, you will be redirected to your Cirro dashboard.