If your team uses Okta as an Identity Provider (IdP), you can manage team members' access to Agora Console through Security Assertion Markup Language (SAML) and System for Cross-domain Identity Management (SCIM), so that your team members can log in to Agora using their Okta accounts.
This page shows how to configure SAML and SCIM using Okta.
Prerequisites
Before proceeding, ensure that you meet the following requirements:
- You use Okta as the IdP for your app.
- You have an Okta developer account that has administrative privileges.
- You have an Agora account that has the role of Admin.
Procedure
This section walks you through the steps to configure SAML and SCIM.
1. Create a SAML integration for Agora in Okta
Follow these steps to create a SAML integration in Okta:
Sign in to your Okta developer account as a user with administrative privileges.
Click Admin in the upper right corner.
Go to Applications > Applications, and click Create App Integration.
In the Sign-in method section, select SAML 2.0, and click Next.
On the General Settings tab, enter a name for this integration (for example, Agora), and click Next.
On the Configure SAML tab, fill in the following information:
- In the Single sign on URL field, enter https://sso2.agora.io/api/v0/saml/idp/callback.
- In the Audience URI (SP Entity ID) field, enter https://sso2.agora.io/{companyId}/saml/SSO, and replace {companyId} with your value from company settings in Agora Console.
- In the Attribute Statements (optional) section, add the following attribute:
| Name | Value |
| --- | --- |
| email | user.email |
After filling in the information, scroll to the bottom, and click Next.
On the Feedback tab, select I'm an Okta customer adding an internal app and This is an internal app that we have created, and click Finish.
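To confirm that the values entered on the Configure SAML tab actually reach Agora, you can inspect a SAMLResponse captured during a test sign-in. The following Python sketch is an added example, not Agora's or Okta's code; the function names, the `example-company-id` value, and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://sso2.agora.io/api/v0/saml/idp/callback"  # Single sign on URL from this page
AUDIENCE = "https://sso2.agora.io/{companyId}/saml/SSO"     # Audience URI template from this page

def check_saml_response(b64_response, company_id):
    """Return configuration problems found in a base64-encoded SAMLResponse.
    Checks settings only; it does NOT verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination does not match the Single sign on URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if any("{companyId}" in a for a in audiences):
        problems.append("Audience still contains the literal {companyId} placeholder")
    elif AUDIENCE.replace("{companyId}", company_id) not in audiences:
        problems.append("Audience does not match the SP Entity ID for this company")
    emails = [v.text.strip() for v in root.iterfind(
        ".//saml:Attribute[@Name='email']/saml:AttributeValue", NS) if v.text]
    if not emails:
        problems.append("no 'email' attribute statement (expected email = user.email)")
    return problems

def build_sample(audience, attr_name="email", destination=ACS_URL):
    """Constructed, unsigned SAMLResponse used only to exercise the check."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{destination}">
     <saml:Assertion>
      <saml:Conditions><saml:AudienceRestriction>
        <saml:Audience>{audience}</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
      <saml:AttributeStatement><saml:Attribute Name="{attr_name}">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute></saml:AttributeStatement>
     </saml:Assertion>
    </samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    good = build_sample("https://sso2.agora.io/example-company-id/saml/SSO")
    bad = build_sample(AUDIENCE, attr_name="mail")  # placeholder left in, wrong attribute name
    print(check_saml_response(good, "example-company-id"))
    print(check_saml_response(bad, "example-company-id"))
```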
After creating the Agora integration, follow these steps to find the IdP information that is required in the next step:
- In the Okta Console, click the Sign On tab for the Agora integration.
- Click View Setup Instructions.
- You see the following information:
- Identity Provider Single Sign-On URL (At the end of this procedure, your team members use this URL to sign in to Agora Console)
- Identity Provider Issuer
- X.509 Certificate
Follow these steps to configure the SAML settings in Agora Console:
- Sign in to Agora Console as an Admin.
- Click your username in the top-right corner, and click Setting in the dropdown menu.
- In the left navigation menu, click SSO management.
- In the SAML Configuration section, paste your Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate (including the BEGIN CERTIFICATE and END CERTIFICATE lines) from the View IdP information step.
- Click Save.
4. Manage access (using SCIM)
You can use one of the following ways to manage members' access to Agora Console:
- Manual management: When you add, manage, and remove members' access, you need to make changes both in Okta and Agora Console.
- Automatic management: SCIM automatically adds, manages, and removes members' access to Agora Console when you make changes in Okta.
Agora and Okta associate your team members based on email addresses. Ensure that for each team member, the email address used for their Agora accounts is the same as that used for their Okta accounts.
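Because the association depends on matching email addresses, it helps to reconcile the two member lists before assigning users. The following Python sketch is an added example, not part of Agora's or Okta's tooling; the CSV exports with a single `email` column and all addresses in them are constructed assumptions.

```python
import csv
import io

def load(csv_text, column="email"):
    """Map lower-cased, trimmed address -> address exactly as exported."""
    out = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = row.get(column) or ""
        if raw.strip():
            out[raw.strip().lower()] = raw
    return out

def reconcile(okta_csv, agora_csv):
    """Classify addresses that would prevent Okta and Agora accounts from being associated."""
    okta, agora = load(okta_csv), load(agora_csv)
    only_okta, only_agora = set(okta) - set(agora), set(agora) - set(okta)
    # Same local part with a different domain usually means one person
    # registered under an alias; the two accounts will not be associated.
    by_local = {a.split("@")[0]: a for a in only_agora}
    alias = sorted((o, by_local[o.split("@")[0]])
                   for o in only_okta if o.split("@")[0] in by_local)
    return {
        # Present on both sides but not written identically (case or spacing).
        "not_identical": sorted(k for k in set(okta) & set(agora) if okta[k] != agora[k]),
        "likely_alias": alias,
        "only_in_okta": sorted(only_okta - {o for o, _ in alias}),
        # Agora accounts with no Okta counterpart are outside IdP control.
        "only_in_agora": sorted(only_agora - {a for _, a in alias}),
    }

# Constructed sample exports (hypothetical format: one "email" column).
OKTA_EXPORT = """email
alice@example.com
Bob@example.com
carol@example.com
dave@example.com
"""
AGORA_EXPORT = """email
alice@example.com
bob@example.com
carol@corp.example
erin@example.com
"""

if __name__ == "__main__":
    for category, items in reconcile(OKTA_EXPORT, AGORA_EXPORT).items():
        print(category, items)
```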
Manual management
- In Agora Console, add team members and choose their roles. For details, see Manage Members and Roles.
- Navigate to the Okta Console.
- Go to Directory > People. Ensure that the email address of each team member is the same as that in Agora Console.
- Go to Applications > Applications, and click the Agora integration.
- Click the Assignments tab.
- Click Assign, and select Assign to People.
- Enter the team members that need to sign in to Agora Console, and then click Assign for each.
- Click Done.
Automatic management using SCIM
- On the SSO management page in Agora Console, turn on the switch under SCIM API Basic Auth. A set of Username and Password is generated.
- Navigate to the Okta Console.
- Click the General tab under the Agora integration, and click Edit. In the Provisioning section, select SCIM and click Save.
- Click the Provisioning tab.
- Click Settings > Integration.
- Click Edit, and make the following changes:
- Specify SCIM connector base URL .
- In Unique identifier field for users, enter email.
- Under Supported provisioning actions, select all the checkboxes.
- In the Authentication Mode dropdown menu, select Basic Auth.
- Under the Basic Auth section, paste the username and password from the SSO management page in Agora Console.
- Assign the Agora integration to your team members. For details, see Assign applications to users.
5. Test your integration
To test your integration, ask a team member to follow these steps:
- Open your Identity Provider Single Sign-On URL in a browser.
- Enter the Okta username and password.
If the username and password are correct, the team member is redirected to Agora Console.
Alternatively, if you have configured SCIM, ask a team member to follow these steps:
- Sign in to their Okta accounts.
- On the My Apps page, click the Agora integration. The team member is redirected to Agora Console.