Bevy supports Single Sign On via Okta, a certified OpenID Connect provider on the OAuth 2.0 protocol.
Setup steps
To support Single Sign On via Okta, please complete the following steps in your Okta account:
- Log in to your Okta account and access the Okta Admin Dashboard.
- In the right sidebar menu, click the Add Applications option under Shortcuts.
- Once on the Add Application page, click Create New App.
- On the Create a New Application Integration window, select Web as the Platform and OpenID Connect as the Sign on method. Click Create to continue.
- On the Create OpenID Connect Integration screen, fill in the Application name and set the Login redirect URI with the following:
  - Add a callback URL for Bevy to test: https://<client-id>-staging.bevylabs.com/accounts/oidc/login/callback/
    - Here, <client-id> is the same ID used for the bevylabs.com subdomain. If you are unsure what this is, please contact Bevy Support.
  - Add a callback URL for your instance during onboarding: https://<client-id>.bevylabs.com/accounts/oidc/login/callback/
  - Add a callback URL for your final chosen domain that will be used when you go live with Bevy: https://<yourdomain>/accounts/oidc/login/callback/
  You can also upload a logo using the Application logo option.
- Once saved, you’ll be redirected to the details of the newly created application. You will need to assign the groups that should have access to join your Bevy instance; normally, everyone would have access. To do so, go to the Assignments tab and click Assign > Assign to Groups.
- With the Assign <Application Name> to Groups window opened, click on the Assign button for all the groups you want to give access to and click Done to apply the changes.
- Once back on the application’s details, go to the General tab, scroll down to the Client Credentials section and locate the generated Client ID and Client secret. Copy these values using the Copy to Clipboard buttons and send them to your Bevy PoC over a secure channel (Keybase, PGP encrypted message, etc.), together with your Okta instance’s domain name (e.g., bevylabs.okta.com).
To configure this provider for service provider-initiated single sign-on, use the following URL: https://<your-domain>/accounts/oidc/login/ (for example, https://bevy.com/accounts/oidc/login/).
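Redirect URIs are typically compared as exact strings by the provider, so a callback that differs from the ones above by scheme or a trailing slash will not match at login. The following Python check is an added example, not Bevy's or Okta's code: it compares a list of redirect URIs copied from the Okta application with the three callback URLs from the setup steps. The client ID `acme`, the domain `community.example.com`, the function names and the sample list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/accounts/oidc/login/callback/"  # callback path from this page

def expected_redirect_uris(client_id, final_domain):
    """The three callback URLs the setup steps ask you to register."""
    return [
        f"https://{client_id}-staging.bevylabs.com{CALLBACK_PATH}",  # Bevy testing
        f"https://{client_id}.bevylabs.com{CALLBACK_PATH}",          # onboarding
        f"https://{final_domain}{CALLBACK_PATH}",                    # go-live domain
    ]

def check_uri(uri):
    """Return the problems found in one configured redirect URI."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if "*" in uri:
        problems.append("contains a wildcard")
    if parts.path != CALLBACK_PATH:
        problems.append("path differs from the Bevy callback path")
    if parts.query or parts.fragment:
        problems.append("has a query string or fragment")
    return problems

def audit(configured, client_id, final_domain):
    """Compare configured URIs with the expected set, as exact strings."""
    expected = set(expected_redirect_uris(client_id, final_domain))
    problems = {u: p for u in configured if (p := check_uri(u))}
    return {
        "missing": sorted(expected - set(configured)),
        "unexpected": sorted(set(configured) - expected),
        "problems": problems,
    }

# Constructed sample: "acme" and "community.example.com" are placeholders;
# the list mimics values copied from the Okta application's redirect URIs.
SAMPLE = [
    "https://acme-staging.bevylabs.com/accounts/oidc/login/callback/",
    "https://acme.bevylabs.com/accounts/oidc/login/callback",      # no trailing slash
    "http://community.example.com/accounts/oidc/login/callback/",  # plain http
]

if __name__ == "__main__":
    print(audit(SAMPLE, "acme", "community.example.com"))
```

An empty `missing` list and an empty `unexpected` list mean the Okta application holds exactly the three callbacks from the steps above.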