Okta (OIDC)

Okta authentication has been introduced for allowing single sign-on between your Okta and your Storefront. Users that have already logged in Okta will be able to automatically login to your Storefront without entering their credentials.

 

Setting up Okta STEP 1


To enable the Okta feature in Storefront, please proceed with the following guide:
Go to this link: https://login.okta.com/.

After login in, click on the Applications > Applications sub-option, from the Main menu.

Then click on the "Add Application" button to register an application.



On the following window, choose as “Platform“ the Web option, and then choose for the “Sign on method“ the OpenID Connect radio button.

Continue by clicking on the Create button.

 

From the next window, enter a name for your application next to the “Application name” text field and you can optionally add an application logo on the next field.

Afterwards, you must provide a dummy URI for the “Login redirect URIs” options, in order to proceed. Click on the “+Add URI“ button and fill in the field with the following URI: “http://localhost“.

Eventually, you can click on the Save button at the bottom of the page in order to proceed. For the “Login redirect URIs” you can leave it as-is and we will get back to it later in this guide.

 

Once the Save button is clicked, you will be redirected to the application’s Client Credentials & General Settings page. Another way to access this page is by clicking on the application you have just created and then select the General tab.

Here you need to save the following information for later use in BSS:

  • Client ID: This id will be used in the BSS’s “Client Id” field, located on the Okta Settings page.

  • Client secret: This secret will be used in the BSS’s “Client Secret” field, located on the Okta Settings page.

  • Okta domain: This domain will be used in the BSS’s “Authority” field, located on the Okta Settings page.

Then you need to navigate to the Assignments tab, where you will find the Assign button. Click it and then choose to assign the application to certain “Groups” of people or specific “People“ from your organization that you wish to allow access to the Storefront via Okta.

After finishing and Saving the assignment(s), the application is now partially ready and a few steps remain, which are analyzed later in this guide.

Setting up the BSS Mechanism STEP 2


Now on BSS, go to: BSS Setup > Administration > System Options > Storefront Login Settings (as explained on this Documentation). 
Click on the Okta "Settings (OIDC)" button.

 

ID and Secret - Setup

On the following page, you are required to utilize the previously-stored IDs from the "Step 1" section and paste them into their corresponding fields. More specifically:

  • Provide a name to the Instance Name text field. 

  • Paste your stored [Okta domain] to the Authority text field (domain: https://<uniqueDomain>.okta.com).

  • Paste your stored [Client ID] to the Client Id text field.

  • Paste your stored [Client secret] to the Client Secret text field.

Attribute Mapping - Setup

Concerning the Attribute Mapping section of this page, it is introduced as an easy way to map the JSON response of the identity provider to a Property of the BSS Account/Contact/User.

Next to the first five attribute-mapping fields, there is a question mark icon, that upon hovering over it, it displays the default mapping values for your aid.

You don't need to fill in the Attribute Mapping text fields, since the attributes "ExternalId", "First Name", "Last Name", "Email", and "Phone" already have the default mapping, which you can witness below.

Field

Value

Field

Value

ExternalId

'sub'

First Name

'given_name' or 'name' if empty

Last Name

'family_name'

Email

'email' or 'preferredUsername' if empty

Phone

'phone_number'

Company Name

 

Country Code

 

However, if you wish to alter the default mapping, you can do so with either of the two JSON response objects namely IdTokenUserInfo that are utilized for the attribute mapping and the attribute matching. 
Please also note that many Attribute Mapping fields can be declared with a comma "," and the priority with which they are written applies (if no value is found in the first, the code checks the second).
Below you will find the two aforementioned JSON files that can be used as an example.