Note* At this time, SSO can only be used for authentication. We do not provision profiles through SSO.
We will need 3 pieces of information.
- Client ID
- Client Secret
- Okta doman
Overview
- Create App Integration
- Copy required information
- Configure dashboard app
Create App Integration
Under Applications click Create App Integration
- Select “OIDC – OpenID Connect”
- Select “Web Application”
- Name: KPA EHS
- Logo:
https://s3.amazonaws.com/common.kpaehs.com/sso/kpa-ehs-logo.png
- Authentication Code: ✅
- Implicit (hybrid): ✅
- Sign-in redirect URI:
https://mobile.kpaehs.com/sso/return
- Sign-out redirect URI: Remove this entry. This is not currently supported by KPA EHS.
Copy required information
- Client ID
- Client Secret
- Okta domain
Configure dashboard app
Enable this whenever you are ready to expose the KPA EHS app to your employees via the Okta dashboard.
Click Edit under “General Settings”
Under “Login” section
- Login initiated by: Either Okta or App
- Application visibility: Display application icon to users ✅
- Application visibility: Display application icon in the Okta Mobile app ✅
- Login Flow: Redirect to app to initiate login (OIDC Compliant) ✅
- Initiate login URI:
https://SUBDOMAIN.kpaehs.com/sso
- SUBDOMAIN: Is the subdomain used by your kpaehs.com site.
Complete
The app registration should be complete.
With this we can test and enable SSO through the SSO Administration page.
Contact support if you have any questions.