Kanbina AI Documentation
Logging in with Single Sign-On (SSO) through Okta
This document describes how to configure Okta as the primary Identity Provider to facilitate Single Sign-On (SSO) with the Kanbina application.
Supported Features
-
Service Provider (SP)-Initiated Authentication (SSO) Flow -This authentication flow occurs when the user attempts to log in to the application from Kanbina.
-
SP-Initiated Single Logout (SLO) Flow – provides a single step for users to sign out of both Kanbina and Okta.
Requirements
In order to proceed with configuring login with SSO through Okta, you must:
-
Have access to an Okta tenant.
-
Be an Okta administrator to that tenant.
-
Have received a tenant name and application environment name (live/test)from Kanbina.
If you have not received these details, please email support@kanbina.ai
Configuration Steps
The following documents the configurations for setting up the OIDC integration between Kanbina and Okta. Okta is the Identity Provider (IdP) and depending on the use case, the user will be redirected to Okta for authentication if no session has been established.
1. Login to your organization’s Okta tenant
2. Navigate to Applications > Add Application, search for “Kanbina AI”, and then click Add. Note that the two Applications references are not duplicated.
3. Enter an Application Label in General Settings. This is the name under which the Kanbina app will appear in your Okta dashboard–e.g. “Kanbina” or “Kanbina Test”
4. Click Done.
5. Then under the Sign On tab of the Kanbina application, copy the Client ID and Client Secret. Communicate and paste into a text document.
6. Note: These values allow Kanbina to communicate with Okta. The Client ID is a public identifier for the client that is required for all OAuth/OIDC flows. The Client Secret is a private identifier which you should not share or broadly distribute.
7. Before leaving the Sign On tab, click Edit and under Advanced Sign-on Settings, enter the Redirect URI and Post Logout Redirect URI provided by Kanbina. Click Save.
8. Finally check that the text file contains the following items and communicate the text file securely to Kanbina,zip it into an encrypted archive. Email this archive to Kanbina and communicate the archive password via a different channel as directed (Teams, Slack, SMS etc).
-
Your Okta domain, e.g. https://example.okta.com
-
Client ID
-
Client Secret
9. Before leaving Okta, ensure you have given yourself and any other target users access to the Kanbina application. You can do this by going to Applications > Kanbina > Assign and then assigning to either the target people or group
Notes
Permissions Kanbina’s integration with Okta leverages Okta only for authentication. To assign permissions for Kanbina, users must do so directly within Kanbina.
Testing
To test SP-initiated SSO:
-
Go to the URL provided by Kanbina (eg. https://example.test.kanbina.ai)
-
Enter your Okta account details.
-
Click Sign In to proceed to the Kanbina application.