Authenticating with OKTA via OpenID Connect

OKTA Configuration

1	Click the create App Integration button.
2	Select the following options and then click Next.
3	Enter the following information and then click the Save button. App Integration Name: EzeScan WebApps Grant Type: Implicit (hybrid) Sign-in redirect URIs: https://server.domain.com/signin-oidc Sign-out redirect URIs: https://server.domain.com/signout-callback-oidc Controlled Access: Allow everyone in your organization to access
4	After the application has been created click the copy button next to the Client ID and record this down for later use.

1	Locate the appsettings.json file found in the root directory of your EzeScan WebApps installation directory.
2	Edit the appsettings.json file using your favorite text editor and modify the Authentication section to contain the following: JavaScript `"Authentication":{ "EnableApiKey":true, "Providers":{ "OpenIdConnect": { "Scope": ["openid", "profile", "email", "groups"], "SaveTokens": true, "Authority": "https://dev-56650000.okta.com", "ClientId": "0oaaizbuuki3vGHdj5d7", "MetadataAddress": "https://dev-56650000.okta.com/.well-known/openid-configuration", "TokenValidationParameters": { "NameClaimType": "name" }, "PushedAuthorizationBehavior": "Disable" } } }` You will need to substitute the value of "ClientId" with the "Client Id" from your application setup in OKTA. You will need to substitute “dev-56650000.okta.com” with your OKTA domain.
3	Save the appsettings.json file.
4	Restart the IIS App Pool that runs EzeScan WebApps.
5	Navigate to your EzeScan WebApps site and click the Login button.
6	Try logging in as a valid OKTA user.
7	After successfully logging in you will be redirected back to EzeScan WebApps and in the top right hand corner you should see your display name.
8	Navigate to the user settings by clicking on the username in the top right and clicking the Settings option in the drop down.
9	Confirm that the users email address is displaying correctly.