Okta Directory Connection
Okta Directory is a cloud-based identity and access management (IAM) platform that helps organizations securely manage user authentication and access to applications, devices, and data.
The Okta Directory application on Hire2Retire uses OAuth 2.0 authorization. By linking your Okta Directory account with Hire2Retire, you authorize the RoboMQ application to call the Okta API for your organization as a service application, with no interactive user present at runtime. RoboMQ needs the following scopes on your account to provide a seamless integration experience:
Scopes | Explanation |
---|---|
okta.schemas.read | Allows the app to read information about Schemas in your Okta organization. |
okta.groups.manage | Allows the app to manage existing groups in your Okta organization. |
okta.users.manage | Allows the app to create new users and to manage all users' profile and credentials information. |
Create a Connection
You need to have the application registered on your tenant and grant it the permissions required by Hire2Retire. Hire2Retire requires the following details to create a connection.
- Client ID - the Client ID of the registered application (also shown as the Application ID).
- Tenant URL - the URL of your Okta org (for example https://your-org.okta.com), which identifies the Okta instance and is the base of its OAuth 2.0 token endpoint.
Navigate to the "General" tab within your registered application to locate the Client/Application ID, and use the top-right dropdown in the Okta Directory portal for the Tenant URL.
To register the application in your instance, follow the instructions below.
Application Registrations
- Sign in to the Okta Directory portal.
- Open the Admin Console, go to Applications, and click Create App Integration.
- Select API Services as the Sign-in method and click Next.
- Enter the App integration name and click Save.
- In the General tab, edit the Client Credentials section to use Public key / Private key as Client Authentication.
- Click Add Key, paste the public key copied from the Hire2Retire connection UI and click Save.
- Confirm the dialog to disable existing client secrets by clicking Save again.
Credentials
Credentials enable your application to authenticate on its own, eliminating the need for user interaction during runtime. As a confidential client application, Hire2Retire will use these credentials to authenticate itself for automated tasks.
Follow the steps below to add credentials:
- Copy the public key from the Hire2Retire connection UI.
- In your registered application, select General > Public Keys > Add.
- Paste the public key and click Save.
Public key / Private key is the preferred credential type because it is more secure than a client secret: only the public key is stored in Okta, while the private key stays with Hire2Retire and is used to sign a short-lived JWT for each token request, so no long-lived shared secret is exchanged or stored on the Okta side.
This registered application can now be used as a service account for automation. To configure your Okta Directory connection, click Link Account.
Application Permission
Set up application permissions for any application that needs to authenticate itself without a user's help or consent. To authorize the registered application to access the Okta Directory API, open the Okta API Scopes tab of the application. It lists every available scope and shows which ones have been granted; grant only the ones below.
RoboMQ needs the following permissions on your registered application to provide a seamless integration experience:
Scopes | Explanation |
---|---|
okta.schemas.read | Allows the app to read information about Schemas in your Okta organization. |
okta.groups.manage | Allows the app to manage existing groups in your Okta organization. |
okta.users.manage | Allows the app to create new users and to manage all users' profile and credentials information. |
Okta authorizes a service application's API calls by both the scopes granted to it and the admin role assigned to it, so the application also needs an administrator role. To assign it, follow these steps:
- In your registered application, go to Admin roles and click Edit assignments.
- Select Super Administrator as the Role and click Save changes.
Super Administrator is the broadest role in Okta, so whoever holds the application's private key can do anything in your org: restrict who can edit this app integration in the Admin Console and replace the key in Okta immediately if it is ever exposed.
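The registration above enables the OAuth 2.0 client_credentials grant with a private_key_jwt client assertion: Hire2Retire signs a short-lived JWT with its private key, Okta checks it against the public key you pasted in, and the resulting access token is limited to the scopes you granted. The block below is an added example written for this page, not Hire2Retire's or Okta's own code. It is stdlib-only, so it carries a minimal RSA/RS256 implementation purely to run offline; in real deployments the key is generated and stored with a proper library and only the JWK from public_jwk() ever reaches Okta. The org URL https://example.okta.com, the Client ID 0oa1example and the key ID h2r-demo are placeholders.

```python
# Added example: Okta client_credentials grant with a private_key_jwt assertion.
# Stdlib only; the RSA/RS256 code is a demo helper, use a real crypto library in production.
import base64
import hashlib
import json
import secrets
import time
import uuid

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 DigestInfo
CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
REQUIRED_SCOPES = ("okta.schemas.read", "okta.groups.manage", "okta.users.manage")  # from the page


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin with a cheap trial-division prefilter."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0 or any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if _is_probable_prime(candidate):
            return candidate


def generate_rsa_key(bits=2048, e=65537):
    """Demo RSA key as plain integers {n, e, d}; use 2048 bits or more in practice."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    digest_info = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(digest_info) - 3) + b"\x00" + digest_info


def rs256_sign(key, message: bytes) -> bytes:
    k = (key["n"].bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(message, k), "big"), key["d"], key["n"]).to_bytes(k, "big")


def rs256_verify(key, message: bytes, signature: bytes) -> bool:
    k = (key["n"].bit_length() + 7) // 8
    if len(signature) != k:
        return False
    em = pow(int.from_bytes(signature, "big"), key["e"], key["n"]).to_bytes(k, "big")
    return secrets.compare_digest(em, _emsa_pkcs1_v15(message, k))


def public_jwk(key, kid: str) -> dict:
    """The JSON Web Key pasted into Okta under General > Public Keys (public part only)."""
    n_len, e_len = (key["n"].bit_length() + 7) // 8, (key["e"].bit_length() + 7) // 8
    return {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
            "n": b64url(key["n"].to_bytes(n_len, "big")), "e": b64url(key["e"].to_bytes(e_len, "big"))}


def build_client_assertion(key, kid, client_id, org_url, now=None, lifetime=300):
    """Hire2Retire side: sign the private_key_jwt proving possession of the private key."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "kid": kid}
    claims = {"iss": client_id, "sub": client_id,     # both must equal the app's Client ID
              "aud": f"{org_url}/oauth2/v1/token",     # the org's token endpoint
              "iat": now, "exp": now + lifetime,       # keep short; Okta rejects exp > 1 h ahead
              "jti": str(uuid.uuid4())}                # unique per assertion, blocks replay
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    return f"{signing_input}.{b64url(rs256_sign(key, signing_input.encode()))}"


def token_request(org_url, client_assertion, scopes=REQUIRED_SCOPES) -> dict:
    """The POST Hire2Retire sends; Okta answers with a token limited to the granted scopes."""
    return {"url": f"{org_url}/oauth2/v1/token",
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "data": {"grant_type": "client_credentials", "scope": " ".join(scopes),
                     "client_assertion_type": CLIENT_ASSERTION_TYPE, "client_assertion": client_assertion}}


def verify_client_assertion(jwk, assertion, client_id, org_url, now=None) -> bool:
    """Okta side: what the pasted public key enables (signature, issuer, audience, expiry checks)."""
    try:
        h, c, s = assertion.split(".")
        header, claims = json.loads(b64url_decode(h)), json.loads(b64url_decode(c))
    except ValueError:
        return False
    if header.get("alg") != "RS256" or header.get("kid") != jwk["kid"]:
        return False
    key = {"n": int.from_bytes(b64url_decode(jwk["n"]), "big"), "e": int.from_bytes(b64url_decode(jwk["e"]), "big")}
    if not rs256_verify(key, f"{h}.{c}".encode(), b64url_decode(s)):
        return False
    now = int(time.time()) if now is None else now
    return (claims.get("iss") == claims.get("sub") == client_id
            and claims.get("aud") == f"{org_url}/oauth2/v1/token"
            and now < claims.get("exp", 0) <= now + 3600)


def missing_scopes(token_response: dict, required=REQUIRED_SCOPES) -> list:
    """Compare the `scope` field Okta returns with what the integration needs."""
    granted = set(token_response.get("scope", "").split())
    return [s for s in required if s not in granted]


if __name__ == "__main__":
    key = generate_rsa_key()
    print(json.dumps(public_jwk(key, kid="h2r-demo")))  # this is what goes into Okta's Add Key dialog
    assertion = build_client_assertion(key, "h2r-demo", "0oa1example", "https://example.okta.com")
    print(json.dumps(token_request("https://example.okta.com", assertion), indent=2))
```

Run it and you get the JWK that the Add Key dialog expects and the exact form body of the token call; missing_scopes() run over the token response tells you whether a scope was left ungranted in the Okta API Scopes tab before the first sync fails. Because the assertion carries the token endpoint as audience and expires within minutes, a captured assertion is useless against any other org and only briefly useful against yours, which is the property that makes the public/private key option preferable to a client secret.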