Okta
Snow Atlas supports configuring Okta as a single sign-on (SSO) provider.
The Okta single sign-on application registration is configured using OpenID Connect (OIDC). The configuration options are already set with the permissions and settings required to function with Snow Atlas. You can also configure items such as user and access group assignments that you want to apply to this registration.
Supported features
-
ServiceProvider (SP) initiated SSO when you attempt to sign in from Snow Atlas
-
User provisioning to create the user on first sign in, when the feature is enabled in Snow Atlas
Requirements
-
The user is an Okta administrator.
-
The user is a Snow Atlas system administrator.
Application permissions
The following permissions are required by the Snow Atlas Okta single sign-on application registration:
| Scope permission | Description |
|---|---|
profile | Retrieves basic profile information about a user that is mapped to the user's profile in Snow Atlas |
email | A user's primary email address that is used to sign in to Snow Atlas and as contact information |
okta.users.read | The Okta scope for the user's read group membership that is used to map groups to Snow Atlas permissions. This is for future group synchronization and will only be queried if the feature is configured. |
Configuration required
You are required to configure Okta for Snow Atlas. You must add the Snow Atlas single sign-on app to your organization's Okta. For more information, see Add Snow Atlas as Okta app.
The user must have the email claim set in Okta.
You also require the relevant Authority, client ID and client secret from the Snow Atlas SSO app in Okta, which you need to set up Okta as your SSO provider in Snow Atlas. For more information, see Find values to set up Okta SSO in Snow Atlas.
Claim mappings
The Okta given_name and family_name properties are mapped to the equivalent properties in Snow Atlas if they are not already populated
Flexera does not own the third party trademarks, software, products, or tools (collectively, the "Third Party Products") referenced herein. Third Party Product updates, including user interface updates, may not be reflected in this content.