Okta SSO Setup Guide - Custom App
How to set up Reclaim for authentication via Okta
Written by Stevan Arychuk
Updated over a week ago

Overview

This guide is intended to help get Reclaim.ai set up for authentication via Okta.

If you need any additional assistance beyond this guide, please reach out to your Reclaim.ai contact/rep, or support via our website and/or [email protected].

Pre-Requirements

  1. Be set up on a Reclaim.ai Enterprise Plan

  2. Have your domain enabled/configured for SSO on Reclaim.ai

  3. Your Reclaim.ai Customer SSO Slug

  4. Administrator access to your Okta Account/Dashboard

For items 1-3, work with your Reclaim.ai contact/rep.

Create a new App Integration in Okta

This step will create a new custom application integration for Reclaim.ai in Okta.

Reclaim.ai has been submitted to Okta for approval in their App Catalog, and this guide will be updated when that is complete. For now, follow the steps below to set up Reclaim.ai as a custom Application Integration.

  1. Log in to Okta as an Admin

  2. From the Left nav: Applications->Applications

  3. From the Applications screen, click “Create App Integration”

  4. From the “Create a new app integration” pop-up:

    1. Select OIDC - OpenID Connect for “Sign-in method”

    2. Select Web Application for “Application Type”

    3. Click the “Next” button

  5. From the “New Web App Integration” screen, enter the following:

    1. App integration name: Reclaim.ai

    2. Logo: If you wish to upload a logo, which can be helpful to end users, feel free to use the following: https://avatars.githubusercontent.com/u/52470885?s=200&v=4

    3. Grant type, “Client acting on behalf of a user”:

      1. Authorization Code should be checked ☑️

    4. Sign-in redirect URIs: https://api.app.reclaim.ai/oauth/callback/<Customer SSO SLUG>

    5. Sign-out redirect URIs: https://api.app.reclaim.ai/logout


    6. Trusted Origins:

    7. Assignments:

      1. Controlled access: Whatever is appropriate for your org

  6. Click the SAVE button
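
After saving, the settings entered above can be compared against what the app actually carries. The following is an added example, not Reclaim or Okta code: it assumes the app's settings are available as a dict shaped like the `settings.oauthClient` object in Okta's Apps API, and `audit_oidc_app`, `example-slug` and both sample apps are constructed for illustration.

```python
# Added example, not Reclaim or Okta code. Expected values are the ones in the guide.
CALLBACK_PREFIX = "https://api.app.reclaim.ai/oauth/callback/"
LOGOUT_URI = "https://api.app.reclaim.ai/logout"


def audit_oidc_app(oauth_client, sso_slug):
    """Return a list of findings; an empty list means the app matches the guide."""
    findings = []
    expected = CALLBACK_PREFIX + sso_slug
    if oauth_client.get("application_type") != "web":
        findings.append("application_type should be 'web' (Web Application)")
    grants = set(oauth_client.get("grant_types", []))
    if "authorization_code" not in grants:
        findings.append("authorization_code grant is not enabled")
    # The guide asks only for Authorization Code; report anything else for review.
    for extra in sorted(grants - {"authorization_code"}):
        findings.append(f"grant type not listed in the guide: {extra}")
    redirects = oauth_client.get("redirect_uris", [])
    if expected not in redirects:
        findings.append(f"missing sign-in redirect URI: {expected}")
    for uri in redirects:
        if uri == expected:
            continue
        # Catches the guide's <Customer SSO SLUG> placeholder pasted in literally.
        kind = "placeholder or wildcard" if ("<" in uri or "*" in uri) else "extra"
        findings.append(f"{kind} sign-in redirect URI: {uri}")
    if oauth_client.get("post_logout_redirect_uris", []) != [LOGOUT_URI]:
        findings.append(f"sign-out redirect URIs should be exactly: {LOGOUT_URI}")
    return findings


# Constructed sample input (not real tenant data): one correct app, one misconfigured.
GOOD = {
    "application_type": "web",
    "grant_types": ["authorization_code"],
    "redirect_uris": [CALLBACK_PREFIX + "example-slug"],
    "post_logout_redirect_uris": [LOGOUT_URI],
}
BAD = {
    "application_type": "browser",
    "grant_types": ["authorization_code", "implicit"],
    "redirect_uris": [CALLBACK_PREFIX + "<Customer SSO SLUG>"],
    "post_logout_redirect_uris": [],
}

if __name__ == "__main__":
    for name, app in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_oidc_app(app, "example-slug") or "matches the guide")
```
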

Provide Okta Client ID and Secret to Reclaim.

The last step is to provide Reclaim with the client id and secret of the application you just created. This is sensitive information, so it should be provided in a secure manner! Suggestions on how to do so are included below.

We will also need your Okta issuer id; this is usually something like <your org>.okta.com.

The Client ID and Secret are available on the “General” tab for the Reclaim.ai application we just created.

To send us your Client ID and Secret, feel free to use whatever One-time Secret tool/website you usually use, or another secure communication channel of your preference.

Otherwise, we typically use and recommend: https://onetimesecret.com/

Simply enter the Client ID and Secret as separate lines, choose a reasonable expiration, and send us the link. If you would like to password protect it, please feel free to do so and send us the password via a different channel (e.g., Slack, Zoom call, etc.).

Once we have the client id and secret we will configure the login on the Reclaim side to redirect to this configuration for your domain.
