Single Sign-On - Integration between Okta and TUNE (Okta side)
TUNE offers SSO as a paid add-on; reach out to your Customer Success Manager, Sales Representative, or our support team at support@tune.com to get started if it’s not already enabled on your account.
This article covers the Okta side of the SSO setup. If you need guidance on how to set up your integration in TUNE, you can find instructions here.
Getting started with Single Sign-on
Single Sign-On is available for employee users. The Single Sign-On feature is managed under Company - Customize Application - Settings.
Okta Interface
You can use the Application Integration Wizard (AIW) in the Admin Console to create your app integration instance. This instance provides you with client credentials or metadata for you to test your SSO flows.
Configuration
1. Sign in to your developer-edition Okta org as a user with administrative privileges
2. Go to Applications > Applications in the Admin Console
3. Click Create App Integration
4. On the Create a New App Integration page, select OpenID Connect in the Sign-in method section
5. Choose Web Application as the Application type for your integration and click Next
6. In General Settings, enter a name for your integration and (optionally) upload a logo
7. Add your Sign-in redirect URIs as https://yournetwork.hasoffers.com/sso_login and optional Sign-out redirect URIs as https://yournetwork.hasoffers.com/logout
8. In Assignments, assign a group or leave the Everyone default. Verify that the users who should have access are assigned to the group you select, then click Save
Credentials
Once the integration is created, Okta shows the Application detail page, which lists the settings and the credentials you need to provide to TUNE to complete the SSO integration with Okta.
1. From Client Credentials, copy the Client ID and Client Secret, which are required to connect TUNE with Okta
2. For Issuer URL: Go to Security > API. In the Authorization Servers tab, copy the Issuer URI
Assignments
When setting up or maintaining users, you can assign the app integrations that Okta displays on your End-User Dashboard. You can assign app integrations individually or assign them to groups.
In the Assignments tab, assign a group or leave the Everyone default setting. Verify that the users who should have access are assigned to the group you select. For instructions on assigning the app integration to individual users and groups, see the Assign app integrations topic in the Okta product documentation.
There are three ways to assign individual app integrations.
1. Select the Assignments tab
2. Click the Assign dropdown menu
3. Choose either Assign to People or Assign to Groups
4. An Assign {app name} to People or Assign {app name} to Groups dialog appears, listing the available end users or groups not already assigned to the selected app integration.
5. Click Assign next to each user or group for which you want this app integration assigned. For users, you may need to complete the Attributes dialog
6. After you have assigned the app integration to the required users or groups, click Done
Connect TUNE with Okta
To connect TUNE with Okta and establish the communication for SSO, you will need to provide the credentials you created in the previous step (Issuer URL, Client ID, Client Secret). Please take a look at the complete guide here.
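Before entering these values in TUNE, the Issuer URL and Sign-in redirect URI can be checked for consistency offline. The Python sketch below is an added example, not TUNE or Okta code; `example.okta.com` and the embedded discovery document are constructed placeholders, and `discovery_url` and `preflight` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed sample data: example.okta.com is a placeholder org domain.
REGISTERED_REDIRECTS = ["https://yournetwork.hasoffers.com/sso_login"]
SAMPLE_DISCOVERY = {
    "issuer": "https://example.okta.com/oauth2/default",
    "authorization_endpoint": "https://example.okta.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/default/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/default/v1/keys",
    "response_types_supported": ["code", "id_token"],
}

def discovery_url(issuer):
    """OIDC Discovery: metadata lives under the issuer at a well-known path."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def preflight(issuer, redirect_uri, registered, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    iss = urlsplit(issuer)
    if iss.scheme != "https" or not iss.netloc:
        problems.append("issuer must be an absolute https URL")
    if iss.query or iss.fragment:
        problems.append("issuer must not contain a query or fragment")
    # The metadata's issuer must be identical to the configured one,
    # so a trailing slash or a different authorization server is a mismatch.
    if discovery.get("issuer") != issuer:
        problems.append("discovery issuer differs from configured Issuer URL")
    red = urlsplit(redirect_uri)
    if red.scheme != "https":
        problems.append("redirect URI must use https")
    if red.fragment:
        problems.append("redirect URI must not contain a fragment")
    # Compared as an exact string: case, path and trailing slash all count.
    if redirect_uri not in registered:
        problems.append("redirect URI is not registered in the app integration")
    # Assumption of this example: endpoints sit on the issuer's own host.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        ep = urlsplit(discovery.get(key, ""))
        if ep.scheme != "https" or ep.netloc != iss.netloc:
            problems.append(key + " missing, not https, or on another host")
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("authorization code flow is not advertised")
    return problems

if __name__ == "__main__":
    issuer = "https://example.okta.com/oauth2/default"
    print(discovery_url(issuer))
    print(preflight(issuer, REGISTERED_REDIRECTS[0], REGISTERED_REDIRECTS, SAMPLE_DISCOVERY))
```

In practice the discovery document would be the JSON served at the URL that `discovery_url` returns for your own Issuer URI, and the registered list would be the Sign-in redirect URIs shown on the Application detail page.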
Test Your Integration
1. Sign out of both your administrator account in your Okta development organization and your TUNE application
2. In your browser, begin the sign-in process to the TUNE application through your application's sign-in button or directly by pasting one of the Sign-in redirect URIs into your web browser address bar. (Regardless of which method you choose, your browser must end up at the Okta-hosted sign-in page)
3. Sign into your regular user account on the Okta-hosted sign-in page
4. Confirm that Okta successfully redirects back into your TUNE application
Troubleshooting Issues
If you run into issues with your sign-in process, you can try the following to troubleshoot the issues:
- In the Admin Console of your Okta development org, go to Reports > System Log and examine any failure messages reported
- Open the Admin Console in your web browser and examine any status messages related to your authentication request. The console errors have status codes in the 4XX range. Investigate and resolve any error messages generated by your sign-in request.
- Post your questions on either the Okta Developer Forum or on Stack Overflow.