Okta¶
Okta integration allows Afi users to connect Okta company account to Afi account and set up Okta SSO for Afi application. Afi supports both service provider-initiated and identity-provider initiated authentication flows providing a seamless login experience for Okta users.
How to enable authentication with Okta¶
The following section explains how to integrate Afi with your Okta account.
Step 1 - Install Afi application from Okta marketplace
As a first step, please log in to your Okta administrator account and install the Afi application from Okta Integrations marketplace.
Create the application in your Okta directory with the suggested settings:
Step 2 - Setup authentication
Once the application is created, go to the Sign On tab and click on View SAML setup instructions button in the bottom of the page.
On the SAML setup instructions page you will find the following items that are required for further configuration:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate
- Okta Company ID
Now you are ready to finish Okta authentication configuration on the Afi side. Please go to the Service → Settings → Okta tab in the Afi portal, fill the provided fields and press Save.
Step 3 - Add users to the application
You can assign users who should be able to access Afi through Okta via the application's Assignments tab:
Authentication modes¶
Afi supports both service provider-initiated and identity provider-initiated Okta authentication flows.
Service provider-initiated flow¶
Service provider-initiated flow starts on the custom Afi login screen for Okta where a user is prompted to enter their Okta company ID and then proceed with Okta authentication. Upon successful authentication, the user will be redirected to the Afi portal.
Identity provider-initiated flow¶
Identity provider-initiated flow starts from a user’s home page in Okta (My Applications). In this flow user clicks on the Afi application icon, then Okta communicates with Afi to perform SAML authentication transparently for the user and, in case of success, redirects the user to the Afi portal.