Overview
This guide is intended to help you set up Reclaim.ai for authentication via Okta.
If you need any additional assistance beyond this guide, please reach out to your Reclaim.ai contact/rep, or contact support via our website and/or [email protected].
Pre-Requirements
1. Be set up on a Reclaim.ai Enterprise Plan
2. Have your domain enabled/configured for SSO on Reclaim.ai
3. Your Reclaim.ai Customer SSO Slug
4. Administrator access to your Okta Account/Dashboard
For items 1-3, work with your Reclaim.ai contact/rep.
Create a new App Integration in Okta
This step will create a new custom application integration for Reclaim.ai in Okta.
Reclaim.ai has been submitted to Okta for approval in their App Catalog, and this guide will be updated when that is complete. For now, follow the steps below to set up Reclaim.ai as a custom Application Integration.
Login to Okta as an Admin
From the Left nav: Applications->Applications
From the Applications screen, click “Create App Integration”
From the “Create a new app integration” pop-up:
Select OIDC - OpenID Connect for “Sign-in method”
Select Web Application for “Application Type”
Click the “Next” button
From the “New Web App Integration” screen, enter the following:
App integration name: Reclaim.ai
Logo: If you wish to upload a logo, which can be helpful to end-users, feel free to use the following: https://avatars.githubusercontent.com/u/52470885?s=200&v=4
Grant type Client acting on behalf of a user:
Authorization Code should be checked ☑️
Sign-in redirect URIs: https://api.app.reclaim.ai/oauth/callback/<Customer SSO SLUG>
Sign-out redirect URIs: https://api.app.reclaim.ai/logout
Trusted Origins:
Base URIs: https://app.reclaim.ai/
Assignments:
Controlled access: Whatever is appropriate for your org
Click the SAVE button
Provide Okta Client ID and Secret to Reclaim.
The last step is to provide Reclaim with the Client ID and Secret of the application you just created. This is sensitive information, so it should be provided in a secure manner! Suggestions on how to do so are included below.
We will also need your Okta issuer ID; this is usually something like <your org>.okta.com.
The Client ID and Secret are available on the “General” tab for the Reclaim.ai application we just created.
To send us your Client ID and Secret, feel free to use whatever One-time Secret tool/website you usually use, or another secure communication channel of your preference.
Otherwise, we typically use and recommend: https://onetimesecret.com/
Simply enter the Client ID and Secret as separate lines, choose a reasonable expiration, and send us the link. If you would like to password protect it, please feel free to do so and send us the password via a different channel (e.g. Slack, Zoom call, etc.).
Once we have the client id and secret we will configure the login on the Reclaim side to redirect to this configuration for your domain.
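Before sending the values over, the settings entered above can be checked against this guide. The following is an added example, not Reclaim.ai or Okta code: the dictionary keys are hypothetical labels for the form fields, and the slug and issuer are constructed samples. Flagging extra redirect URIs is an added hygiene check that is stricter than the guide itself.

```python
import re
from urllib.parse import urlsplit

# Fixed values taken from this guide.
CALLBACK_BASE = "https://api.app.reclaim.ai/oauth/callback/"
SIGN_OUT_URI = "https://api.app.reclaim.ai/logout"
TRUSTED_ORIGIN = "https://app.reclaim.ai"
PLACEHOLDER = re.compile(r"[<>\s]")  # leftovers such as "<Customer SSO SLUG>"

def check_integration(cfg, slug):
    """Return a list of problems; an empty list means cfg matches the guide."""
    problems = []
    if not slug or "/" in slug or PLACEHOLDER.search(slug):
        return ["SSO slug is empty or still a placeholder"]
    expected = CALLBACK_BASE + slug
    redirects = cfg.get("sign_in_redirect_uris", [])
    if expected not in redirects:
        problems.append("missing sign-in redirect URI " + expected)
    # Any other entry is one more place an authorization code can be sent.
    problems += ["unexpected sign-in redirect URI " + u
                 for u in redirects if u != expected]
    if cfg.get("sign_out_redirect_uris") != [SIGN_OUT_URI]:
        problems.append("sign-out redirect URIs should be exactly " + SIGN_OUT_URI)
    origins = [o.rstrip("/") for o in cfg.get("trusted_origins", [])]
    if TRUSTED_ORIGIN not in origins:
        problems.append("missing trusted origin " + TRUSTED_ORIGIN)
    if "authorization_code" not in cfg.get("grant_types", []):
        problems.append("Authorization Code grant is not enabled")
    issuer = cfg.get("issuer", "")
    if not issuer or PLACEHOLDER.search(issuer):
        problems.append("issuer is empty or still a placeholder")
    else:
        url = urlsplit(issuer if "://" in issuer else "https://" + issuer)
        if url.scheme != "https" or not url.hostname or "." not in url.hostname:
            problems.append("issuer must be an https host name: " + issuer)
    return problems

# Constructed sample values; "acme" and "example.okta.com" are placeholders.
# The keys are hypothetical labels for the Okta form fields, not an Okta API.
GOOD = {
    "sign_in_redirect_uris": [CALLBACK_BASE + "acme"],
    "sign_out_redirect_uris": [SIGN_OUT_URI],
    "trusted_origins": ["https://app.reclaim.ai/"],
    "grant_types": ["authorization_code"],
    "issuer": "example.okta.com",
}
BAD = dict(GOOD, issuer="http://example.okta.com",
           sign_in_redirect_uris=[CALLBACK_BASE + "<Customer SSO SLUG>"])

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_integration(cfg, "acme") or "ok")
```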