This feature is available as a paid add-on for Countly Enterprise.
The Okta feature allows Countly to bypass its regular authentication procedures and use the Okta user credentials of the organization instead. The Okta integration feature is available in Countly Enterprise v20.04 and above. To deploy this, contact your Account Manager.
The group name in Countly must be the same as the group names in Okta.
What is Okta?
Okta Identity Cloud provides secure identity management with Single Sign-On, Multi-factor Authentication. Okta's Universal Directory allows you to store unlimited users and attributes from applications and sources like AD or HR systems.
Getting Started
Enabling Okta in Countly
If you cannot see the Okta integration option on your Countly account, it is possible that it is not included in your package. Please contact your Account Manager. If it is included in your package but you are unable to see the option, please reach out to our Support Team, who will help you set it up.
First, enable the Okta feature by going to Management > Feature Management and click on the enable toggle button for Okta.
The organization’s user needs to use the same Countly login credentials as their organization’s Okta authentication account.
Steps in your Okta Developer Console
These steps have been taken from Okta’s documentation. As they may update their product and documentation, please visit the Okta App Registration page for complete details.
You can either use an existing OpenID Connect app or create one.
- In the Okta dev console and then Create New Application.
- Fill the Application Settings fields like app name and Countly domain for your organization redirect URLs (e.g., https://countly.yourdomain.com/okta/login-callback for login and https://countly.yourdomain.com for logout).
And that is all! Now you can continue the setup on Countly and easily finalize the Okta integration.
Installing Okta in Countly
Create and enable a config.js file from sample.config.js:
If your server is Countly-hosted, please contact Support and provide us with the information listed below.
<module.exports = {
orgUrl: 'https://dev-623170.okta.com',
clientId: '0oa16eh84vg4cHHSb4x7',
clientSecret: 'wgyItX95EjtusUoccVhtLY2t8OvvicrVt5CHHE6v',
apiToken: '00mmBkLFJhOiGcOsLaf--DuezUGdo_0j8abT4OO2yx',
globalAdminGroup: 'countly-global-admin',
baseUrl: 'https://user.count.ly',
};>
orgUrl: can be found in the top right section of the Okta dashboard
clientId and clientSecret fields: listed in the Okta dashboard, under the Applications tab.
apiToken: create API token on Okta
globalAdminGroup: group name, which will be the global admin of Countly and which needs these group permissions to access the user management and create groups inside Countly.
baseUrl: Countly domain for your organization.
Using Okta in Countly
- Go to Management > User Management.
- Choose a user who is a member of the group which has been set up as a Global Admin Group and who can manage the Users section and create Groups. The group name of Okta and the group name of Countly should be the same.
3. The Okta feature does not have user-level permissions; instead, it has group-level permissions. The members of the Okta groups should match those of the Countly groups for the members of the Okta group to access the Countly. Permissions will depend on the group permission setup inside Countly to manage the Groups or Users sections. Assign users to the groups in Okta in order to match between Countly groups and Okta groups.