Authenticating with OKTA via OpenID Connect

Click the create App Integration button.

Select the following options and then click Next.

Enter the following information and then click the Save button.

App Integration Name:
EzeScan WebApps

Grant Type:
Implicit (hybrid)

Sign-in redirect URIs:
https://server.domain.com/signin-oidc

Sign-out redirect URIs:
https://server.domain.com/signout-callback-oidc

Controlled Access:
Allow everyone in your organization to access

After the application has been created click the copy button next to the Client ID and record this down for later use.

Locate the appsettings.json file found in the root directory of your EzeScan WebApps installation directory.

Edit the appsettings.json file using your favorite text editor and modify the Authentication section to contain the following:

"Authentication":{
      "EnableApiKey":true,
      "Providers":{
         "OpenIdConnect": {
            "Scope": ["openid", "profile", "email", "groups"],
            "SaveTokens": true,
            "Authority": "https://dev-56650000.okta.com",
            "ClientId": "0oaaizbuuki3vGHdj5d7",
            "MetadataAddress": "https://dev-56650000.okta.com/.well-known/openid-configuration",
              "TokenValidationParameters": {
                 "NameClaimType": "name",
                 "RoleClaimType": "groups"
               }
         }
      }
   }

Save the appsettings.json file.

Restart the IIS App Pool that runs EzeScan WebApps.

Navigate to your EzeScan WebApps site and click the Login button.

Try logging in as a valid OKTA user.

After successfully logging in you will be redirected back to EzeScan WebApps and in the top right hand corner you should see your display name.

Navigate to the user settings by clicking on the username in the top right and clicking the Settings option in the drop down.

Confirm that the users email address is displaying correctly.