This feature is available to AppSheet Enterprise Plus accounts only. See What features are supported with each subscription?
Okta authentication lets you authenticate the users of your apps through Okta. It is similar to using an OpenID provider, but it also lets you use Okta-specific features such as group controls. For example, you may want to limit access to certain apps to the Sales Team and others to the Support Team. Using Okta as an authentication source allows this.
To set up authentication there are three steps:
Create an Okta application
First, create a single sign-on application for AppSheet inside the Okta console.
- In the Application tab, click Add Application.
- Set the application type to Web.
- Set the callback URLs to be https://www.appsheet.com/Account/ELC and http://localhost:53519/Account/ELC.
Note: Be sure to copy the callback URLs exactly; capitalization is important. The second callback URL, with the localhost, is not strictly required; it would only be necessary if you want to request AppSheet to debug your application in the future.
- Optionally, add the user groups that you would like AppSheet to have access to.
- Click Done.
The following provides an example of the settings.
For more details on what each field means, visit Setting up an auth-code application in the Okta documentation.
- Configure Okta to allow for Group Claims. See Okta's article on how to Customize tokens returned from Okta with custom claims.
Note: Take note of the ID of the Okta group you create in this step. You'll need it when configuring AppSheet in the next step.
Unable to fetch group membership. The most likely reason is that your Okta config has not enabled group claims filter as Regex *.
Configure AppSheet
Add Okta as an Auth Provider.
- Ensure your account has the Business plan so that you can use the Company Domain Authorization feature.
- Go to the Integrations > Auth Domain pane and click + New Auth Domain.
- Select Okta from the list.
- Fill out the form which requires four fields:
- Client ID, Client Secret: From the Okta application settings
- Domain: From the Okta console. For example:
https://dev-12345.okta.com
- Click Authorize Access.
Okta is added to the list of authentication domains and you can now add it to your apps.
- Open your app in the editor.
- Go to the Security > Domain Authentication pane.
- Enable the Require domain authentication option.
- Select the Okta domain source you created previously in the Authentication domain source drop-down.
- In the Restrict by domain field, enter Default.
- Click Add to add the name of the Okta group, app role, and app version to authorize access. Group names are case-sensitive.
- Click Save.
It is important to note that, due to caching, adding or removing a new member from an Okta group takes up to 15 minutes to take effect.
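To troubleshoot the group claim and the case-sensitive group match described above, here is an added diagnostic example (not AppSheet or Okta code). It decodes the payload of a token returned from Okta and classifies why a user would or would not match the configured group. The claim name `groups`, the helper names, and the sample token are assumptions; the signature is not verified, so this is for troubleshooting only.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_group_access(claims: dict, required_group: str,
                       claim_name: str = "groups") -> str:
    """Return 'ok', 'missing-claim', 'case-mismatch' or 'not-member'."""
    groups = claims.get(claim_name)
    if groups is None:
        return "missing-claim"   # claim not emitted: revisit the Okta group claim setup
    if isinstance(groups, str):
        groups = [groups]
    if required_group in groups:
        return "ok"              # exact, case-sensitive match
    if required_group.lower() in (g.lower() for g in groups):
        return "case-mismatch"   # same name, different capitalization
    return "not-member"


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for offline testing."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


if __name__ == "__main__":
    # Constructed sample claims; a real token comes from your own Okta tenant.
    token = make_sample_token({"sub": "user@example.com", "groups": ["Sales Team"]})
    claims = decode_claims(token)
    for wanted in ("Sales Team", "sales team", "Support Team"):
        print(f"{wanted!r}: {check_group_access(claims, wanted)}")
```

A result of `missing-claim` points at the Okta claim configuration, while `case-mismatch` points at the group name entered in AppSheet.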
Sign in using an Okta group
Share the app with your end users, as described in Share: The Essentials. When the end user accesses the app, they will be prompted to sign in to the Okta group.
That's it! You should be able to sign in as a member of the specified group.