Skip to content

Okta

Okta integration allows Afi users to connect Okta company account to Afi account and set up Okta SSO for Afi application. Afi supports both service provider-initiated and identity-provider initiated authentication flows providing a seamless login experience for Okta users.

How to enable authentication with Okta

The following section explains how to integrate Afi with your Okta account.

Step 1 - Install Afi application from Okta marketplace

As a first step, please log in to your Okta administrator account and install the Afi application from Okta Integrations marketplace.

Create the application in your Okta directory with the suggested settings:

Step 2 - Setup authentication

Once the application is created, go to the Sign On tab and click on View SAML setup instructions button in the bottom of the page.

On the SAML setup instructions page you will find the following items that are required for further configuration:

  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer
  • X.509 Certificate
  • Okta Company ID

Now you are ready to finish Okta authentication configuration on the Afi side. Please go to the ServiceSettingsOkta tab in the Afi portal, fill the provided fields and press Save.

Step 3 - Add users to the application

You can assign users who should be able to access Afi through Okta via the application's Assignments tab:

Authentication modes

Afi supports both service provider-initiated and identity provider-initiated Okta authentication flows.

Service provider-initiated flow

Service provider-initiated flow starts on the custom Afi login screen for Okta where a user is prompted to enter their Okta company ID and then proceed with Okta authentication. Upon successful authentication, the user will be redirected to the Afi portal.

Identity provider-initiated flow

Identity provider-initiated flow starts from a user’s home page in Okta (My Applications). In this flow user clicks on the Afi application icon, then Okta communicates with Afi to perform SAML authentication transparently for the user and, in case of success, redirects the user to the Afi portal.