Single Sign-on (SSO) Configuration with OKTA

One OKTA tenant configuration

Configuration in OKTA for ZFlow

Take note of ClientID and Client Secret in OKTA. Set the Grant type to Authorization Code as shown below.

 

 

Add the following in OKTA

  • Sign-in redirect URI – https://zflowservername/zflow/oktasso
  • Sign-out redirect URI – https://zflowservername/zflow/nui/logout.jsp
  • Assignments – select among options based on your company policy

 

 

Configuration in ZFlow

Add the configuration properties as shown below

  • OKTA_CLIENTID
  • OKTA_CLIENTSECRET
  • OKTA_URL

 

Second OKTA tenant configuration (for suppliers)

The second OKTA tenant configuration is used when suppliers are set up to use a different OKTA tenant. The configuration in OKTA for ZFlow remains the same. In ZFlow, you need to add the second OKTA (OKTA2) configuration, as shown below. The Supplier login page then uses the second OKTA tenant for authentication and access.

  • OKTA2_CLIENTID
  • OKTA2_CLIENTSECRET
  • OKTA2_URL

 

 

Use the following in OKTA’s second tenant configuration

  • Sign-in redirect URI – https://zflowservername/zflow/okta2sso
  • Sign-out redirect URI – https://zflowservername/zflow/okta2signout
  • Assignments – select among options based on your company policy