Okta - Using Okta Workforce integration

For teams using Okta as their enterprise identity provider, there are a few integration options to set up SSO with Scanner. The option recommended by Okta is to use the Okta Workforce integration.

Step 1: Create Okta OIDC Application Integration

  1. Within your Okta dashboard, navigate to Applications > Applications.

  2. Click Create App Integration.

  3. For the Sign-in method, select OIDC - OpenID Connect. For the Application type, select Web Application. Click Next.

  4. Set the App integration name to "Scanner.dev" or another name if you like. The logo is optional, but here is a link to a logo image you can download and use.

  5. Under Grant type, keep the defaults, which should show show that only Core grants > Authorization Code is checked.

  6. Under Sign-in redirect URIs, replace the default with https://login.scanner.dev/login/callback.

  7. Under Sign-out redirect URIs, delete the default.

  8. Under Trusted Origins, add https://login.scanner.dev.

  9. Click Save.

Step 2: Assign a group to the application

If you don't already have a Group in Okta containing users that will access Scanner, you can create a new group.

  1. Navigate to Directory > Groups.

  2. Click Add group.

  3. Set the name to "Scanner Users".

  4. In the group details, navigate to Applications, and click Assign applications.

  5. Search for "Scanner.dev", or whatever the name was that you gave to the application.

  6. Add users to the group.

Step 3: Share client credentials and Okta domain with Scanner

  1. Under Client Credentials, you can find the Client ID and a Client Secret. Copy-paste the Client ID and Client Secret somewhere.

  2. In the top-right dropdown, you can find your Okta Domain, which looks something like <domain>.okta.com. Hover your mouse over the domain, and copy-paste it somewhere.

  3. Contact your Scanner support team via your enterprise's private Slack channel or by email. Share the Client ID, Client Secret and Okta Domain.

Step 4: Scanner support team will complete the integration

Your Scanner support team will create the new SSO integration and connect it to your Scanner instance. They will configure the integration such that all users with your enterprise's email domain will be directed to your Okta SSO login system. Coordinate with your support team to decide what email domain(s) to use here.

Step 5: Log in to Scanner

  1. Enter your email address (should use your enterprise's email domain).

  2. Scanner will redirect to Okta, where you can log in.

  3. You'll be redirected to Scanner and can now use the application.

Note: At this point, you will have access to Scanner, but one of your team members with user invitation permissions must also add you to a team and give you an appropriate user role in Scanner before you can view data.

Last updated