The integration with Okta lets you use Okta as your single sign-on and multi-factor authentication service to access Chargifi Cloud. This adds an extra layer of security for our customers.
To facilitate single sign-on and multi-factor authentication with Okta and Chargifi Cloud, you’ll need to have the following:
- An Okta license
- Access to an Okta Admin account
For users to be able to log in to Chargifi with their Okta account, user accounts need to be created in Chargifi with the same email address as their Okta user.
Getting the Required Information in Okta
To get the information you require from Okta to set up the SSO feature, do the following:
- Sign in to your Okta organization as a user with administrative privileges.
- Choose Admin on the upper right of the portal page.
- Copy the Org URL from the top right corner of the dashboard.
Note: If your dashboard looks different, try choosing the Developer Console view from the top left menu.
- Go to Applications -> Add Application.
- Select Web and choose Next.
- Fill in the Application Settings as follows:
- Name: Chargifi OIDC
- Login redirect URIs: https://auth.chargifi.com/sso/authenticate
- Logout redirect URIs: https://auth.chargifi.com/en/logout
- Grant type allowed: Client Credentials and Implicit (Hybrid)
- Choose Done.
- Choose Edit and make the following changes:
- Under Allowed grant types, deselect the checkbox Allow Access Token with implicit grant type.
- Change Login initiated by to Either Okta or App.
- Under Application visibility, select the checkbox Display application icon to users.
- Under Login flow, ensure the radio button Redirect to app to initiate login (OIDC Compliant) is selected.
- Change Initiate login URI to https://auth.chargifi.com/sso/okta/<CHARGIFI_SSO_ALIAS>.
Note: You need to pick a name and enter it in place of the <CHARGIFI_SSO_ALIAS> indicated above. This will form part of your personalized SSO login URL to Chargifi Cloud via Okta.
- Choose Save.
- Under the Client Credentials section, copy the Client ID and Client Secret.
- Go to API -> Authorization Servers.
- Select the default authorization server by clicking the link or the pencil icon.
- Go to the Scopes tab.
- Choose Add Scope.
- Fill in the Add Scope section as follows:
- Name: chargifi
- Description: This allows Chargifi to verify the client credentials.
- Choose Create.
Setting up a Chargifi Okta integration in Chargifi Develop
To integrate Okta with Chargifi Cloud, do the following:
- Go to Chargifi Cloud -> Develop -> Single Sign-On (SSO) -> Okta -> Manage Integration.
- Click Add Okta Integration.
- Enter the name you used as an alias in step 8.5 of Getting the Required Information in Okta.
- Paste your Client ID and Client Secret into the corresponding fields.
- Paste your Org URL in the Base URI field.
- Choose Create and Test Integration.
You will see a confirmation message at the top of your screen.
Obtaining SSO Access
You can manage your Single Sign-On (SSO) Integrations yourself as long as you are a managed service provider (MSP) administrator. Otherwise, please contact your MSP administrator for assistance.
That's it! You are all ready to go.