Logging into the Smallstep Dashboard using OKTA


The following steps will allow certain OKTA users to log into the Smallstep Dashboard using their OKTA credentials.

Create a New Web App Integration

Leave all other settings at their defaults until you have confirmed that users can successfully log into the Smallstep Dashboard with their OKTA account.

  • Load the Applications page and click the Create App Integration button.

  • Sign-in Method: OIDC - OpenID Connect

  • Application Type: Web Application

  • Clicking Next will bring you to general app settings that need to be adjusted.

General Settings

Make the following changes to the general settings of this new app integration.

  • App Integration name: (“Smallstep Dashboard”, “Smallstep Console”, etc.)

  • Sign-in redirects URIs: Replace the default localhost with: https://api.smallstep.com/auth/openid/callback

  • Assignments → Controlled access: Skip group assignment for now

  • Click Save

General Settings - Application Configurations

  • On the General tab for this app, copy the generated Client ID and Client Secret for later.

  • Under the General Settings sub-section, click the Edit button, and change the following:

    • Under “Grant type”, expand the Advanced options and under “Other grants”, check the box for Implicit (hybrid), ensuring the “Allow ID Token with implicit grant type” box is checked as well.

  • Click Save

Assign People to the App

  • On the same application configuration page, select the “Assignments” tab.

  • Click the Assign drop-down (down arrow button), select Assign to People, and assign each user who will be permitted to use the app.

  • Click Done

Configure Smallstep

  • Log in to your Smallstep account, click the gear icon (top right), select “User Management,” and click “Connect for OKTA.”

  • Insert the Client ID and Client Secret you had previously copied from the Application settings in OKTA.

  • Insert the Configuration endpoint with the following format: https://{your Okta domain}/.well-known/openid-configuration

  • Click Save

Ensure that each person you assign to the App in OKTA has a Dashboard user with either an Admin or Owner role. If there isn’t a 1:1 match between users, they will not be authorized to log into the Dashboard.

Important Note: Email addresses are case sensitive. If the email addresses in OKTA and Smallstep don’t have the same case, users may not be authorized to log into the Dashboard; the email address case must match in both systems.
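A pre-flight check for the two requirements above (a 1:1 user match with an Admin or Owner role, and identical email case), written here as an added example rather than Smallstep or Okta code. The user lists are constructed sample data standing in for an export of the Okta Assignments tab and the Dashboard User Management page; the Okta domain and the “Member” role are placeholders.

```python
"""Pre-flight check for the Okta -> Dashboard login requirements (added
example, not Smallstep or Okta code). The user lists are constructed sample
data, not real exports."""

# Constructed sample: people assigned to the Okta app integration.
OKTA_ASSIGNED = [
    "alice@example.com",
    "Bob.Jones@example.com",   # differs in case from the Dashboard entry
    "carol@example.com",
    "dave@example.com",
]

# Constructed sample: Dashboard users and roles. "Member" is a placeholder
# for any role other than Admin/Owner.
DASHBOARD_USERS = {
    "alice@example.com": "Admin",
    "bob.jones@example.com": "Owner",
    "carol@example.com": "Member",
}

ALLOWED_ROLES = {"Admin", "Owner"}


def configuration_endpoint(okta_domain: str) -> str:
    """Build the discovery URL in the format the article requires."""
    domain = okta_domain.strip()
    if domain.startswith("https://"):
        domain = domain[len("https://"):]
    domain = domain.rstrip("/")
    if not domain or "/" in domain:
        raise ValueError(f"not a bare Okta domain: {okta_domain!r}")
    return f"https://{domain}/.well-known/openid-configuration"


def audit_assignments(okta_users, dashboard_users):
    """Map each Okta-assigned email to 'ok', 'case-mismatch', 'role' or
    'missing' according to whether Dashboard login will be authorized."""
    by_lowercase = {e.lower(): e for e in dashboard_users}
    result = {}
    for email in okta_users:
        if email in dashboard_users:
            ok = dashboard_users[email] in ALLOWED_ROLES
            result[email] = "ok" if ok else "role"
        elif email.lower() in by_lowercase:
            result[email] = "case-mismatch"  # login fails until cases agree
        else:
            result[email] = "missing"
    return result
```

Run `audit_assignments(OKTA_ASSIGNED, DASHBOARD_USERS)` against your own exports before users try to log in; any entry other than “ok” is a login that the article says will be refused.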
