Configuring Custom Identity Providers for Single Sign On

Use the following procedure to configure a single sign on connection with an external identity provider to be used with Fortra platform. This will add an entry to the single sign on page of the login process, in addition to the existing Google, Microsoft, and Email options.

The following information relates to creating an OIDC connection. If your identity provider does not support this authentication method, please reach out to Fortra support.

Configuring Microsoft Entra ID (formerly Azure Active Directory)

Initial Configuration

  1. Sign in to the Microsoft Entra admin center. You need to be at least a Cloud Application Administrator.

  2. From the navigation, click Applications and then App registrations.

  3. Click New registration.

  4. Enter a name and click register. We recommend naming it Fortra.

  5. Navigate to the Certificates & secrets section of your application.

  6. Click New client secret.

  7. Enter a name for the secret and click Add.

  8. Now that your client secret has been created, copy its value and store it somewhere accessible and secure as it will be needed for a later step.

  9. Navigate to the Overview section of your application.

  10. Copy and store the Application (client) ID.

  11. Click Endpoints.

  12. Copy and store the OpenID Connect metadata document field.

  13. Save your application.

Platform Configuration

  1. Sign in to the Fortra platform.

  2. Navigate to Platform Manager.

  3. In the left menu, click System, then Login Options.

  4. Click Add IDP.

  5. Enter an appropriate Display Name. This is the name that will appear on the platform login page.

  6. Fill in the remaining fields that were copied and stored from Microsoft Entra ID:

    • Client ID = Application (client) ID

    • Client Secret = Client Secret Value

    • Metadata URL = OpenID Connect metadata document field

  7. Enter a Rank where you would like this provider to appear on the login page. The lowest rank will appear first.

  8. Click Save.

  9. Click Actions next to the provider you just created and select Details.

  10. Copy and store the details.

Finalize Configuration

  1. Sign in to the Microsoft Entra admin center. You need to be at least a Cloud Application Administrator.

  2. From the navigation, click Applications and then App registrations.

  3. Select the application you previously created.

  4. Navigate to the Branding & properties section of your application.

  5. In the Home page URL field, enter the Initiate login URL that you copied from the Provider details in the platform.

  6. Click Save.

  7. Navigate to the Authentication section of your application.

  8. Under Platform configurations, select Add a platform.

    1. Select Web.

    2. In the Redirect URL field, enter the Sign-in redirect URL that you copied from the Provider details in the Platform.

    3. (Optionally) In the Front-channel logout URL field, enter the Sign-out redirect URL that you copied from the Provider details in the Platform. This enables Single Log Out.

    4. Select Access tokens (used for implicit flows).

    5. Select ID tokens (used for implicit and hybrid flows).

    6. Click Configure.

  9. Click Enterprise applications from the navigation.

  10. Select your application.

  11. Navigate to Users and groups.

  12. Assign the application to users/groups as required.

Configuring Okta

Initial Configuration

  1. Navigate to the Okta Admin portal.

  2. Click Applications from the navigation menu.

  3. Click Create App Integration.

  4. Select OIDC – OpenID Connect.

  5. Select Web Application.

  6. Click Next.

  7. Enter an appropriate application name.

  8. Under Grant Type select Authorization Code and Refresh Token.

  9. Under Assignments select Skip group assignment for now.

  10. Click Save.

  11. Under Client Credentials, copy and store the Client ID and Secret.

Platform Configuration

  1. Sign in to the Fortra platform.

  2. Navigate to Platform Manager.

  3. In the left menu, click System, then Login Options.

  4. Click Add IDP.

  5. Enter an appropriate Display Name. This is the name that will appear on the platform login page.

  6. Fill in the remaining fields that were copied and stored from Okta:

    • Client ID

    • Client Secret

    • Metadata URL = https://<okta-domain>/.well-known/openid- configuration?client_id=<client_id>

  7. Enter a Rank where you would like this provider to appear on the login page. The lowest rank will appear first.

  8. Click Save.

  9. Click Actions next to the provider you just created and select Details.

  10. Copy and store the details.

Finalize Configuration

  1. Navigate to the Okta Admin Portal.

  2. From the navigation, click Applications.

  3. Select the application you previously created.

  4. Under General Settings, click Edit.

  5. Enter the values copied from the Provider details in the platform.

  6. Update the Login initiated by field to either Okta or App.

  7. Click Save.

  8. Click the Assignments tab to view application assignments.

  9. Assign the application to users/groups as required.