Set Okta as your External Provider in HR

Please do not complete any of the steps in this section, as we will soon be transitioning to our new identify management solution, IRIS Identity. This transition impacts the actions listed here.

Email us at: productteam-staffologyhr@iris.co.uk to learn more or for further advice.

Set up either Okta, Idaptive, Google or Azure as external providers in your HR software.

Okta

Add your HR software as an Application to Okta:

  1. Within your Okta dev console, go to Applications and select Add Application.

  2. Choose Web.NET.

  3. Input your desired application name and select Done.

  4. Go to Applications and select the Application created.

  5. Choose General and select Edit.

In the Application section:

  1. In Allowed grant types, select:

    • Authorization code.

    • Implicit (Hybrid).

    • Allow ID Token with implicit grant type.

    • Allow Access Token with implicit grant type.

In the Login section:

  1. Login redirect URIs: HR_url + "/" + ProviderName

  2. Logout redirect URIs: n/a

  3. Initiate login URI: Equal to Login redirect URIs (not mandatory)

Client credentials are at the end of the page:

  1. Add your HR users to your Okta system as normal.

  2. In HR, add Okta as your external provider.

  3. Using the instructions on Set up your External Provider set Okta up as your External Provider in HR.

The details you need include:

  • Provider Name - a free choice text field e.g. Okta.

  • Display Name - an info field e.g. Okta.

  • Authority - your Okta domain e.g. https://dev-787195.okta.com

  • Client ID – see your Okta configuration.

  • Client Secret - see your Okta configuration.

  • Logout URL – n/a

  • Email as Username – Leave deselected.

  • Active - select.

  1. Select users using the Employee Selector.

  2. Find each users External ID in Okta:

    Go to Users in Okta and select the desired user. Check the URL in the address bar of your browser e.g. https://dev-638834-admin.okta.com/admin/user/profile/view/00u1j8z7jm3BrzIPD357

  3. The text in red is the External ID.

  1. In HR, enter the External ID into the field next to each employee you have selected.

  1. Save when finished.

  2. Your user can now log in with their HR username (no password). Once they select Return, the Okta Login screen opens (providing they are not already logged into Okta).

Configure Resource Application URL (select to login via Okta's dashboard)

To set up a resource application URL so that users can Sign in to Staffology HR, you must:

  1. Go to the Okta administration page for the Staffology HR web app you want to allow auto-login.

  2. Go to the Login section and change your Initiate Login URI.

  3. Replace <octopus.local> with the domain you are targeting and replace <providerld=1> with provider ld={lD of the current external provider}. You can see the Provider ID on the Configure External Provider screen within Staffology HR after configuring and saving your provider.