Setup

Before you can implement authorization, you need to register the Teleskope application in Okta by creating an app integration from the Admin Console.

1. Open the Admin Console for your org.
2. Choose Applications to view the current app integrations.
3. Click Create App Integration.
4. Select OIDC - OpenID Connect as the Sign-in method.
5. Select Web Application as the Application type, then click Next.
6. Enter the Teleskope for the App integration name.

Note: When creating a web app, Authorization Code is selected as the default and isn't editable since it's a required Grant type.

7. In the Sign-in redirect URIs box, enter the callback location where Okta returns the browser. Example: https://teleskope-provided-uri/auth/okta/callback.
8. Optionally, for the Sign-out redirect URIs enter your Teleskope Dashboard URI.
9. Fill in the remaining details for your app integration, then click Save.
10. From the General tab of your app integration, save the generated Client ID, Client secret, and Issuer values to implement the authorization flow. You will need these to setup Okta in Teleskope.

Note: Issuer - This is the URL of the authorization server that will perform authentication. All Developer Accounts have a "default" authorization server. The issuer is a combination of your Org URL (found in the upper right of the console home page) and /oauth2. For example, https://company.okta.com/oauth2.

Note: You will need to create an Okta bookmark app in order to see the Teleskope Icon in a users Okta Dashboard. For more information, see: https://support.okta.com/help/s/article/How-do-you-create-a-bookmark-app?language=en_US

Provisioning

Teleskope supports JIT provisioning by default, so be cognizant of what users and groups are assigned to the Teleskope-Okta App.

To exempt a new user from Okta, and instead have them sign in with google auth, reach out to your Teleskope representative.