Okta via OIDC

OIDC extends OAuth 2.0 with a user authentication layer, making it suitable for SSO integrations with authorization servers like Okta. Your Okta platform can use OIDC to authenticate users across multiple applications. When a user logs in to one application using Okta as the identity provider, they are automatically logged in to other applications, such as Mindful, that have also integrated with Okta.

This section covers the Okta SSO integration with OIDC. Topics covered:

  • Configuring Okta
  • Testing the access and ID tokens
  • Configuring your Mindful Organization
  • Adding Role Mappings

For initial OIDC/Okta setup instructions, see the getting-started guide in the Okta Help Center.

Configure Okta

Once the OIDC application has been created, make sure the following configuration is in place:

  1. Users and/or groups should be assigned to the application in the Assignments tab.
  2. Make sure Authorization Code and Client Credentials are selected.
  3. Obtain the appropriate value for Sign in Redirect URIs from the Mindful Support team.
  4. In your OIDC application, navigate to the Sign On tab.
  5. Click the Edit link next to the OpenID Connect ID Token section.
  6. Make sure your section looks like the following, and then click the Save button.

[Image: the OpenID Connect ID Token window]

Test the Access and ID Tokens

If you wish to test what your Access and ID Tokens will look like before integration, use the following steps:

  1. Navigate to Security > API. Select the default authorization server.
  2. Select the Token Preview tab.
  3. Enter information into the required fields.
    1. Select your OIDC app from the list in the OAuth/OIDC Client field.
    2. In the User field, enter a user that you created in your Dashboard.
  4. Click Preview Token.

[Image: the Token Preview tab]

Note: View the Token tab to ensure the new token is displayed. It will be in the Token tab because you set up the group claims to live in the Access Token, not the ID Token. If everything is set up properly, you should see a groups section with the groups for the user you entered.

Configure your Mindful Organization for OIDC using Okta

Now it's time to link your Mindful Organization to your Okta OIDC account. This step can only be performed by Mindful staff.

Add Role Mappings (Okta to Mindful)

Lastly, you'll need to map your Okta group to Mindful roles.

  1. Click Add Role Map.
  2. For Name, enter the same value that you used for your Okta group. Exact capitalization isn't required.
  3. For Roles, enter the role(s) that the user will be assigned when they log in with a matching group name.
  4. If more roles are necessary, add those as well. Make sure to click Save to keep your changes.
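
The check described under "Test the Access and ID Tokens" and the case-insensitive name matching from the role-mapping steps can be rehearsed offline. The following is an added example, not code from Mindful or Okta: it decodes the payload of a token, confirms the groups claim is present, and resolves roles from a role map. The sample token, group names, role names, and the choice to ignore unmapped groups are assumptions made for illustration. The decoder does not verify the signature, so it is suitable only for inspecting a previewed token, not for authorizing a request.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def roles_for(claims: dict, role_map: dict) -> set:
    """Resolve roles from the 'groups' claim, comparing names case-insensitively."""
    groups = claims.get("groups")
    if groups is None:
        raise ValueError("no 'groups' claim; check it is configured on the access token")
    if isinstance(groups, str):  # tolerate a single group sent as a bare string
        groups = [groups]
    lookup = {name.casefold(): roles for name, roles in role_map.items()}
    resolved = set()
    for group in groups:
        # Assumption: groups with no role map entry grant nothing.
        resolved.update(lookup.get(group.casefold(), ()))
    return resolved


def make_sample_token(claims: dict) -> str:
    # Constructed sample: real header/payload encoding, placeholder signature.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature"


# Constructed sample data; group and role names are hypothetical.
SAMPLE_TOKEN = make_sample_token(
    {"sub": "user@example.com", "groups": ["Mindful-Admins", "Everyone"]})
ROLE_MAP = {"mindful-admins": ["Admin"], "mindful-agents": ["Agent"]}

if __name__ == "__main__":
    print(sorted(roles_for(jwt_claims(SAMPLE_TOKEN), ROLE_MAP)))
```

A token that decodes without a groups claim usually means the claim was attached to the ID token rather than the access token, which is the condition the Note above asks you to check.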