Implement OIDC using Okta

Overview
QorusDocs makes use of the OAuth2 protocol to manage access to the application and customer's resources. Users would add the QorusDocs application to their Azure Active Directory and permit it to access resources like SharePoint Online and OneDrive on their behalf. QorusDocs has been extended to support the OIDC protocol for use with Identity management systems like Okta.

Note: Before proceeding with the federation, read the following information at Authenticating with Microsoft 365 vs SSO with other IdPs – QorusDocs Comparison – Help Center to ensure this is the best setup for your needs.

What is Okta and what is it used for?

Okta is a customizable, secure, and drop-in solution to add authentication and authorization services to your applications. Okta connects any person with any application on any device. It's an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications. With Okta, IT can manage any employee's access to any application or device.

What is OIDC and what is it used for?

OIDC (OpenID Connect) is an open authentication protocol that profiles and extends OAuth 2.0 to add an identity layer. OIDC allows clients to confirm an end user's identity using authentication by an authorization server. It is used to verify a user's identity when the user is trying to access a protected HTTPS endpoint.

Configuration overview

Follow these general steps to set up your environment to use OIDC.

  1. Create the application integration in Okta.
  2. Extract information needed by QorusDocs team.
  3. Configure the application integration in Okta.
  4. Test

Prerequisites

To perform the configuration, you will need:

  1. An Okta user that has permissions to create and configure an “application integration” within your Okta portal.

Step 1: Configure app integration in Okta

To configure the OIDC in Okta, you need to create a dedicated app integration.

Create the app integration

Sign into the Okta portal.

Select the “Applications” drop down, and then select “Applications”.

To add a new application, select “Create App Integration”.

Sign in method -> Select “OIDC” checkbox

Application Type -> Select “Web Application” Checkbox.

Click Next.

Under General Settings for the New Web App Integration

App Integration name -> e.g. QorusDocs OIDC

Grant type:

Select “Refresh Token” Checkbox.

Assignments:

Select the option that is suitable for your environment.

Leave all other options as the defaults, then click Save.

Step 2: Extract information needed by QorusDocs team

The newly created OIDC app should still be open.

Copy the “Client ID”.

Copy the “Client Secret”.

Copy the “Okta Domain”.

Provide the email address of the Primary Admin for the QorusDocs Hub. This user will be the Primary Admin user within the QorusDocs Hub, in most cases the technical resource setting up the integration.

This information can be sent securely via the most appropriate method that suits your company standards. Information should be sent to the QorusDocs employee assisting you with the initial setup.

Step 3: Configure app integration in Okta

QorusDocs will send you the following information:

-> Sign-in redirect URI

-> Sign-out redirect URI

Sign into the Okta portal.

Select the “Applications” drop down, and then select “Applications”.

Click the name (shown as a blue link) of the OIDC app integration you created in Step 1.

Click Edit on General settings.

Update the Sign-in redirect URI with the value QorusDocs sent you.

Update the Sign-out redirect URI with the value QorusDocs sent you.

Click “Save”.

Open the Assignments tab and ensure you have the correct groups/users assigned.
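
Before entering the Sign-in and Sign-out redirect URIs into Okta, you can sanity-check them with a short script. The following is an added example, not code from QorusDocs or Okta; the function names, the hygiene rules chosen and the sample URIs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values; the real URIs come from QorusDocs in Step 3.
SAMPLE = {
    "Sign-in redirect URI": "https://hub.example.test/signin-oidc",
    "Sign-out redirect URI": "https://hub.example.test/signout-callback-oidc",
}


def redirect_uri_problems(uri):
    """Return the problems found in one redirect URI (empty list means OK)."""
    uri = uri.strip()
    try:
        parts = urlsplit(uri)
        host, user = parts.hostname, parts.username
    except ValueError:
        return ["not a parseable URI"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not host:
        problems.append("no host, so not an absolute URI")
    if "*" in uri:
        problems.append("contains a wildcard")
    if "#" in uri:
        problems.append("contains a fragment (RFC 6749 section 3.1.2 forbids it)")
    if user is not None:
        problems.append("embeds credentials before the host")
    return problems


def review(uris):
    """Map each labelled URI to its list of problems."""
    return {label: redirect_uri_problems(value) for label, value in uris.items()}


if __name__ == "__main__":
    for label, problems in review(SAMPLE).items():
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```

Replace the values in `SAMPLE` with the URIs you received and resolve any reported problem with QorusDocs before saving the settings in Okta.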

Step 4: Test

Your technical resource can now log in and ensure that everything works as expected.
