Okta Single Sign On: Accounts

Accounts + Okta Integration Overview

The Okta integration uses the Open ID framework to allow authenticated users to securely log in to an individual account. 

Clients using the Accounts Hub may also enable the Okta integration through this process, using a separate Okta app. Okta can also be used to allow your supporters to log into the Supporter Hub – see the separate documentation if you wish to use it there. The Supporter Hub implementation also requires a separate Okta app.

Set Up Instructions

  1. In Okta, click on Add Application

  2. Choose OpenID Connect 

  3. Give the application a name, e.g. “Engaging Networks Okta Accounts”

  4. The web app redirect URI should point to one of the URLs below depending on your server. The ClientID can be found in Engaging Networks under the “Hello” menu.

    Canada server
    https://ca.engagingnetworks.app/ea-dataservice/rest/account/auth/client/{clientId}

    U.S. server
    https://us.engagingnetworks.app/ea-dataservice/rest/account/auth/client/{clientId}

  5. On saving, Client ID and Client Secret keys will be generated.

  6. Edit the General settings and add Initiate login URI – https://ca.engagingnetworks.app/index.html#login or https://us.engagingnetworks.app/index.html#login

  7. Add ‘People’ under Directory. Make sure that these users exist in Engaging Networks

  8. In Engaging Networks, enable the Okta integration in your Engaging Networks account by navigating to the Extensions Manager under your Account Settings. Select the Okta integration available under the Account level integration options. 

  9. Enter the required details prompted, including Okta Client ID and Client Secret (this should be used from your web app in Okta). The Okta login URL should be auto-populated in Engaging Networks. Be sure to save all details updated to enable.

  10. Update your web app in Okta with the login URL populated.

  11. In the Okta web app, Add users under ‘Assignments’ in the web app with a primary email address for each. This will determine who is able to access the particular account (or associated subaccounts).

  12. When the redirect is sent to Engaging Networks, it will make the appropriate calls to obtain the access token. Using the access token, Engaging Networks will make a call to the ‘userinfo’ endpoint to obtain the email address of the authenticated user. It will then use that email address to log the user into the account.

Note: When a user logs out of the account, Engaging Networks will destroy the application session but will not log the user out of Okta.