Skip to main content

Check out Port for yourself 

Okta

Follow this step-by-step guide to configure the integration between Port and Okta.

info

In order to complete the process you will need to contact us, the exact information we need to provide, as well as the information Port requires from you is listed in this doc.

Port-Okta integration benefits

  • Connect to the Port application via an Okta app.
  • Your Okta teams will be synced with Port, automatically upon user sign-in.
  • Set granular permissions on Port according to your Okta groups.

How to configure the Okta app integration for Port​

Step #1: Create a new Okta application

  1. In the Admin Console, go to Applications -> Applications.
  2. Click Create App Integration.

Okta new application wizard

  1. Create an OIDC app integration. Select OIDC - OpenID Connect in the Wizard.

Okta new application OIDC integration

  1. Choose Single-Page application as your application type.

Okta new application type

Click Next.

Step #2: Configure your Okta application

Under General Settings:

  1. Choose an app integration name (a specific name that will appear on your Okta apps).

  2. Add an application logo (optional).

    Port's logo

  3. Under Grant type mark all options.

  4. Under Sign-in redirect URIs set: https://auth.getport.io/login/callback.

    • The Sign-in redirect URI is where Okta sends the authentication response and ID token for the sign-in request.

  5. Remove the sign-out redirect URIs.

  6. Under Assignments: Set Allow everyone in your organization to access.

    Okta app settings Okta app settings assignments

Step #3: Configure OIDC settings

Get your Okta Domain by clicking on your user mail at the top-right corner of the Okta management interface, hovering on the okta domain (will be in the format {YOUR_COMPANY_NAME}.okta.com) and clicking on Copy to clipboard:

Get Okta domain

Under General tab:

  1. Copy the Client ID and send it to Port along with the Okta Domain from the previous step (using chat/Slack/mail to support.port.io).

    Okta app settings

  2. Click on the Edit button on the General Settings tab.

    2.1 Set the Login initiated by option to Either Okta or App:

    Okta app settings

    2.2 Check all the options in Application visibility:

    Okta app settings

    2.3 Check Login flow to be Redirect to app to initiate login (OIDC Compliant)

    2.4 Under initiate login URI paste the following URI:

    Setting authorization endpoint based on account region

    Port exposes two API instances, one for the EU region of Port, and one for the US region of Port.
    Use the correct endpoint based on your account region, and make sure to to replace {CONNECTION_NAME} with the value provided to you by Port.

    https://auth.getport.io/authorize?response_type=token&client_id=96IeqL36Q0UIBxIfV1oqOkDWU6UslfDj&connection={CONNECTION_NAME}&redirect_uri=https%3A%2F%2Fapp.getport.io
    note

    We will provide your {CONNECTION_NAME} (Contact us using chat/Slack/mail to support.port.io).

    Okta app settings login flow

    2.5 Click Save and you’re done! now you’ll have the Port app on your Okta dashboard.

    Okta dashboard with Port app

    Direct access via URL

    After configuring the SSO connection, you can initiate the login flow directly via URL.
    Use the following URL based on your account region, and make sure to to replace {CONNECTION_NAME} with the value provided to you by Port.

    https://auth.getport.io/authorize?response_type=token&client_id=96IeqL36Q0UIBxIfV1oqOkDWU6UslfDj&connection={CONNECTION_NAME}&redirect_uri=https%3A%2F%2Fapp.getport.io

How to allow pulling Okta groups to Port

note

This stage is OPTIONAL and is required only if you wish to pull all of your Okta groups into Port inherently.

Benefit: managing permissions and user access on Port.
Outcome: for every user that logs in, we will automatically get their associated Okta groups, according to your definition in the settings below.

To allow automatic Okta group support in Port, please follow these steps:

  1. Under the Application page, select Port App and go to the Sign On tab:

    Okta application sign-on settings

  2. Under OpenID Connect Token click Edit:

    Okta application connect id token

  3. Add a Groups claim type and choose the option filter, then:

    3.1 Value = groups

    3.2 Select the required regex phrase to your needs.

    note

    To import all groups, insert Matches regex with the .* value.

    Okta application set group claims

    3.3 Click Save.