Single Sign On with Okta OAuth2

Hello all!

I am trying to set up Single Sign On (SSO) using an API Connector for OKTA using the OAuth2 User-Agent Flow.

My API Connector looks like this

I have followed the tutorial (Okta SSO template by Georgian) for setting up OKTA with Bubble; however, I cannot get the following error to go away even if you run the authentication process with ?debug_mode=true on.

My workflow is below:
[image]

Also, when you run the authentication it will log you in, but the Current User will not remain logged on.

I would love your assistance :smiley:

I don’t have an answer, but have a similar challenge. One of the client companies of my app likes to sign in their users with Okta SSO.

I already have Microsoft (Azure AD) single sign-on, where we had to make our own plug-in.

So I need to do this as well for Okta. Anyone with experience on creating SSO with Okta?

Hey @koen1 and @josh38! I actually figured out how to get an Okta SSO plugin to work.

@koen1 - can you share more about your Azure SSO plugin?

Hey,

Please do tell about the Okta SSO!

Thanks! :smiley:

@Toby1 how did you get Okta to work?

@josh38 what I learned we did wrong is creating an OAuth plugin, where I try to set up SSO for companies (all allowed users of a corporate client), and that needs to be SAML. OAuth is more for single-user login. Then Azure AD cannot deal with the consent request OAuth pushes, as it expects single users. Does that make sense?

I am about to go for it again and see if a SAML-based SSO works, and hopefully then it is generic and can connect to Azure AD, Okta and any other SSO that speaks SAML 2.0.

https://docs.chezie.co/integrations/okta

Do this to make the app in Okta.

If you DM me your emails, I can share a demo plugin we use and record a quick video telling you what to swap out @koen1 @josh38

@koen1 do you mind sharing how you set up your Azure SSO plugin?

I’m interested as well.

I am setting up the plugin described here: Oxeler. Step 1 looks good so far; I need a bit more time till it’s live (and just to be sure, I am focused on getting it to work with Azure AD, although I believe it will work with others like Okta as well).

@Toby1 @treb.gatte @eldad1 made this plugin

Thanks for the shoutout @koen1.
SAML2 is an authentication protocol (verify the user’s identity) while OAuth2 is an authorization protocol (verify what the user can access).

SAML2 doesn’t address authorization at all and is usually only used in B2B settings since it requires IT work on both applications.

OAuth2 is not an authentication protocol, it’s an authorization protocol. Your application is asking for permission to act on behalf of the user, and the user has to approve it. OAuth2 is used to implement social login (e.g. login with Facebook). The way it works is that your application will ask the identity provider (in this case Azure) to access your user details and Azure will ask the user to agree to provide that access.

OpenID Connect (OIDC) is a newer authentication protocol (similar to SAML). OIDC uses OAuth2 to access the user details, and that is why there is sometimes confusion between the two protocols. Like OAuth2, OIDC will usually request the user to consent to the data access, especially if the request is coming from a system outside the organization.

OKTA, Azure, Auth0, PingFederate and others are all systems that allow organizations to manage their users’ identities and they support all three protocols (depending on the organization’s licensing)… but in my experience most B2B SSO is still done with SAML 2.0. In that regard, as long as you are using a standard protocol you wouldn’t need to worry about which system you are integrating with.