Okta Workforce Identity Cloud
With Okta Workforce Identity Cloud, Sana Admin users can securely log in to Sana Admin and other applications with their Okta accounts using single sign-on (SSO). It provides a simple, secure, and seamless login to Sana Admin with Okta accounts and enforces all Okta security policies.
To allow users to log in to Sana Admin with their Okta accounts, you will need to:
- Create a Sana Commerce Cloud application in the Okta Admin Console.
- Add users to the Okta Admin Console.
- Assign users or groups to the application.
Create an App Integration in Okta
The app is needed to connect Sana Commerce Cloud to Okta.
Step 1: Sign in to the Okta Admin Console.
Step 2: Go to: Applications > Applications.
Step 3: Click Create App Integration.
Step 4: On the Create a new app integration page, select OIDC - OpenID Connect as the sign-in method.
Step 5: Choose Single-Page Application as the application type and click Next.
Step 6: In General Settings, enter a name for your app integration, for example, Sana Commerce Cloud, Sana, your webstore, or company name.
Step 7: Enable the Authorization Code and Refresh Token grant types.
Step 8: Add your Sign-in redirect URIs and Sign-out redirect URIs.
The sign-in redirect URI is where Okta sends the authentication response and ID token for the sign-in request. After Sana Commerce Cloud contacts Okta to close the user session, Okta redirects the user to the sign-out redirect URI.
If you have multiple Sana Commerce Cloud webstores and want to use single sign-on for all your webstores, you must add all your Sana Admin URLs.
- Sign-in redirect URI format: https://your-webstore-domain.com/admin
- Sign-out redirect URI format: https://your-webstore-domain.com/admin
Step 9: In Assignments, assign the app integration to a specific user group, grant access to everyone, or skip it and do it later.
Step 10: Click Save.
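A pre-save check for Step 8, written for this page as an added example (it is not part of Sana Commerce Cloud or Okta). It compares the redirect URIs you plan to enter against the Sana Admin URL of every webstore, using the https://your-webstore-domain.com/admin format. The domains and URIs below are constructed sample values, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample data: webstore domains and the URIs planned for Okta.
WEBSTORE_DOMAINS = ["shop.example.com", "b2b.example.com"]
SIGN_IN_URIS = ["https://shop.example.com/admin", "http://b2b.example.com/admin"]
SIGN_OUT_URIS = ["https://shop.example.com/admin", "https://*.example.com/admin"]


def expected_uri(domain):
    """Sana Admin URL in the format given in Step 8."""
    return f"https://{domain}/admin"


def uri_problems(uri):
    """Return the ways a URI deviates from https://<domain>/admin."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if "*" in parts.netloc:
        problems.append("wildcard host")
    if parts.path != "/admin":
        problems.append("path is not /admin")
    if parts.query or parts.fragment:
        problems.append("has query or fragment")
    return problems


def audit(domains, sign_in, sign_out):
    """Compare both URI lists with the Sana Admin URLs of all webstores."""
    report = {"missing": [], "malformed": [], "unexpected": []}
    wanted = {expected_uri(d) for d in domains}
    for label, uris in (("sign-in", sign_in), ("sign-out", sign_out)):
        configured = set(uris)
        # A webstore without an entry cannot complete sign-in or sign-out.
        for uri in sorted(wanted - configured):
            report["missing"].append((label, uri))
        # Entries that match no webstore are either malformed or stale.
        for uri in sorted(configured - wanted):
            problems = uri_problems(uri)
            key = "malformed" if problems else "unexpected"
            report[key].append((label, uri, problems))
    return report


if __name__ == "__main__":
    result = audit(WEBSTORE_DOMAINS, SIGN_IN_URIS, SIGN_OUT_URIS)
    for kind, rows in result.items():
        for row in rows:
            print(kind, *row)
```

An entry reported as unexpected is well-formed but matches none of the listed webstores, so check whether it belongs to a webstore that is no longer in use.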
When the app is created, you can configure any other settings. For more information about app settings in Okta, see Create OIDC app integrations on the Okta website.
In Okta, see the Client ID in the app details and the URL in the user profile menu. Copy these values: you will need the client ID and URL to connect your Sana Commerce Cloud application to Okta.
To connect Sana Commerce Cloud to Okta, you will need to enter your application client ID and authentication server URL in Sana Admin.
For more information, see External Users.
User Accounts
You can create new users (people) in Okta or use existing users to allow your users to log in to Sana Admin with their Okta accounts.
Go to the Directory menu item to create and manage users (people) and groups in the Okta Admin Console.
For more information about how to create and manage users and groups in the Okta Admin Console, see User management on the Okta website.
You must assign your application in Okta to individual users (people) or entire groups so that they can access it.
There are several ways to assign users (people) and groups to applications in the Okta Admin Console. You can do it from the user or group details. You can also do it from the list of applications or application details.
For more information about how to assign applications to users and groups, see Assign app integrations, Assign applications to users, and Assign a single app to groups on the Okta website.
When users are created in the Okta Admin Console, user accounts with the same email addresses must be created in Sana Admin. For more information, see External Users.
Good to Know
If you use single sign-on for your webstore customers with Okta:
- You can set up any security policies and restrictions in Okta, such as multi-factor authentication (MFA).
- You can activate and deactivate accounts. Deactivated users cannot log in to the applications.
- Okta controls user password policies, such as password reset and password expiration. If customers use their Okta credentials to log in to the Sana webstore, they cannot use the forgot password functionality of Sana. Instead, they can use Okta’s functionality, which is managed in the Okta Admin Console.