Okta

Overview

Okta is an identity and access management platform. When integrated with Simpro, Okta streamlines your login process and helps your employees to be secure when accessing your data.

To follow the full integration process, learn more in How to Set Up Single Sign-On.

To find solutions for troubleshooting, learn more in Single Sign-On Troubleshooting.

If you use Microsoft Entra ID instead, learn more in Microsoft Entra ID SSO.

A screenshot of the IdP details step in Okta setup

To set up single sign-on with Okta:

  1. From your Okta admin centre, go to Applications > Create App Integration.
  2. To create the application:
    1. For Sign-in method, select OIDC - OpenID Connect
    2. For the Application type, select Web Application
  3. Click Next.
  4. Once on the New Web App Integration screen, select / provide below fields on Okta
    • App integration name: Your preferred name
    • Grant type
      1. Select Client credentials for Client acting on behalf of itself
      2. For Core grants, select both Authorization code and Refresh token
    • Paste the Callback URI copied from Simpro into Sign-in redirect URIs
    • For assignments, you can either assign the users/groups now or later after creation
  5. Click Save.
  6. To assign users/groups to the application, go to Application > Assignments > Assign
  7. Once the application has been created, create on authorization on Okta to be able to support Simpro Premium:
    1. Simpro Premium requires a new authorization server to be created for SSO integration. Go to Security > API > Authorization Servers > Add Authorization Server.
    2. Enter the following:
      1. Name: Your preferred name
      2. Audience: copy your Simpro Premium URL
    3. Click Save.
    4. Create a new scope in the Authorization server. Go to Authorization server > Scopes > Add Scope and enter:
      1. Name: simpro (all lowercase)
      2. Display name: As per your preference
      3. Description: Optional
      4. Default Scope: Check this option if applicable
      5. Metadata: Select Include in public metadata
    5. Create a new access policy in the authorization server. Go to Authorization server > Access Policies > Add Policy and enter:
      1. Name: offline_access
      2. Description: offline_access
      3. Assign to: Per your preference
    6. Create a new rule to the access policy. Go to Access policies > Access policy (offline_access) > Add rule and enter:
      1. Rule name: offline_access
      2. Grant type: Select Client credentials, Core grants (Authorization code AND Device Authorization)
      3. User: Per your preference
      4. Scope requested: Select ‘Any scopes’
      5. Access token lifetime: per your preference
      6. Refresh token lifetime: Per your preference
  8. Add Okta IdP details on Simpro Premium to create integration:
    • Copy the client ID from General > Client credentials > Client ID
    • Copy the Client secret from General > Client secrets.
    • Copy the Issuer URI created in step 7 from Okta Security > API > Authorization servers.