{"id":94783,"date":"2023-10-13T11:52:07","date_gmt":"2023-10-13T15:52:07","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=94783"},"modified":"2024-04-29T17:38:41","modified_gmt":"2024-04-29T21:38:41","slug":"configure-okta-as-an-identity-provider","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider","title":{"rendered":"Configure Okta as an Identity Provider"},"content":{"rendered":"\n<p>Integrate an existing Identity Provider (IdP) with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources.<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul>\n<li>You need to have Admin with Billing permissions to configure an IdP.&nbsp;<\/li>\n\n\n\n<li>You need to have a valid Okta account with admin permissions.<\/li>\n\n\n\n<li>All JumpCloud users must have unique company email addresses, and the email of the JumpCloud user and external IdP email used for Federation must match.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong><\/p>\n\n\n\n<ul>\n<li>Federated authentication will be applied to only specific user groups. See <a href=\"https:\/\/jumpcloud.com\/support\/routing-policies-for-identity-providers\">Routing Policies for Identity Providers<\/a> to learn more. <\/li>\n\n\n\n<li>Creating the IdP won&#8217;t automatically result in users logging in with that IdP. <\/li>\n\n\n\n<li>User Portal access will be available with a federated login. If you don&#8217;t want User Portal access, you can create a policy to deny this, see <a href=\"https:\/\/jumpcloud.com\/support\/get-started-conditional-access-policies\">Get Started: Conditional Access Policies<\/a>.<\/li>\n\n\n\n<li>If Password Sync is disabled on the Okta SCIM provisioning connector, Okta will still send JumpCloud a random value for the password. This will result in the User\u2019s password status to show as \u201cActive\u201d.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Preparing your IdP to Configure with JumpCloud<\/strong><\/h2>\n\n\n\n<p><strong>To prepare your connection:<\/strong><\/p>\n\n\n\n<ol>\n<li>Log in to your Okta account.&nbsp;<\/li>\n\n\n\n<li>In the left navigation menu, click <strong>Applications<\/strong> &gt; <strong>Applications<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Click <strong>Create App Integration<\/strong>, then in the next modal, for <strong>Sign-in method<\/strong>, select <strong>OIDC &#8211; OpenID Connect<\/strong>.&nbsp;<\/li>\n\n\n\n<li>For <strong>Application type<\/strong>, select <strong>Web Application<\/strong> &gt; <strong>Next<\/strong>.&nbsp;<\/li>\n\n\n\n<li>On the next page, for <strong>App integration name<\/strong>, enter a name associated with JumpCloud.&nbsp;<\/li>\n\n\n\n<li>For <strong>Grant type<\/strong> &gt; leave the default selection.&nbsp;<\/li>\n\n\n\n<li>Under <strong>Sign-in redirect URIs<\/strong>, there is a link populated by default that needs to be replaced with this link: <code>https:\/\/login.jumpcloud.com\/oauth\/callback<\/code><\/li>\n\n\n\n<li>For <strong>Sign-out redirect URIs<\/strong>, click the \u2018<strong>X<\/strong>\u2019 next to the link to clear it.&nbsp;<\/li>\n\n\n\n<li>Under <strong>Assignments<\/strong>, select <strong>Allow everyone in your organization to access<\/strong>, unless you only want this applicable to certain groups, in which case select <strong>Limit access to selected groups<\/strong> and then enter the groups you want and click <strong>Save<\/strong>.&nbsp;<\/li>\n\n\n\n<li>If you Allow everyone in your org to access, another option will appear under <strong>Enable immediate access (Recommended)<\/strong>. Select <strong>Enable immediate access with Federation Broker Mode<\/strong> to require users to authenticate through JumpCloud.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.&nbsp;<\/li>\n\n\n\n<li>On the next page, you can manage your app.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>Now you have a connection to JumpCloud in Okta. Next, you\u2019ll want to configure the connection in JumpCloud.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Configuring Okta as an IdP in JumpCloud<\/strong><\/h2>\n\n\n\n<p><strong>To configure Okta:<\/strong><\/p>\n\n\n\n<ol>\n<li>Log in to your <a href=\"https:\/\/console.jumpcloud.com\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Click <strong>DIRECTORY<\/strong> <strong>INTEGRATIONS<\/strong> &gt; <strong>Identity Providers<\/strong>.<\/li>\n\n\n\n<li>Click the <strong>Add Identity Provider<\/strong> dropdown menu, and select <strong>Okta<\/strong>.<\/li>\n\n\n\n<li>Enter an <strong>Identity Provider Name<\/strong>* as a display name (i.e. Okta IdP).<\/li>\n\n\n\n<li>Next, you\u2019ll need to copy\/paste the following information from your Okta account into the required fields in JumpCloud:\n<ul>\n<li><strong>Okta IdP URL*<\/strong>\n<ul>\n<li>From your Okta account, click your email in the top right corner, under your name and Okta email address, there is a URL with .okta.com at the end. This is your Okta IdP URL.<\/li>\n\n\n\n<li><strong>Note<\/strong>: \u201c.well-known\/openid-configuration\u201d will be appended to the end of your Okta tenant URL, allowing for JumpCloud to obtain all the relevant OIDC endpoints from the hosted file.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Client ID*<\/strong>\n<ul>\n<li>Click <strong>Application<\/strong> &gt; <strong>General<\/strong>, then under <strong>Client Credentials<\/strong> is where your <strong>Client ID <\/strong>lives.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Client Secret*<\/strong>\n<ul>\n<li>Under <strong>CLIENT SECRETS<\/strong> is where you can copy your current <strong>Client Secret<\/strong>, or <strong>Generate new secret<\/strong>.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>. You\u2019ll be prompted to verify that you want to enable Federated Device Authentication for your users\u2019 login. Select <strong>I understand the impacts above<\/strong>, then click <strong>Yes, Continue<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Managing the IdP&nbsp;<\/strong><\/h2>\n\n\n\n<p><strong>To manage the IdP:<\/strong><\/p>\n\n\n\n<ol>\n<li>From your <a href=\"https:\/\/console.jumpcloud.com\">JumpCloud Admin Portal<\/a>, click <strong>DIRECTORY<\/strong> <strong>INTEGRATIONS<\/strong> &gt; <strong>Identity Providers<\/strong>.<\/li>\n\n\n\n<li>You can update the name, Okta IdP URL, Client ID, and Client Secret.&nbsp;<\/li>\n\n\n\n<li>Under <strong>Authentication<\/strong>, you\u2019ll see that Federation is applied to your users, allowing them to authenticate with an IdP. <\/li>\n\n\n\n<li>Under <strong>Device Account Provisioning<\/strong>, you can configure either <strong>Self Service Account Provisioning<\/strong> or <strong>Automated Device Enrollment<\/strong> for whichever OS you\u2019re provisioning. The <strong>Status<\/strong> displays either Enabled or Disabled accordingly, click <strong>Configure<\/strong> to edit.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>See <a href=\"https:\/\/jumpcloud.com\/support\/get-started-self-service-account-provisioning\">Provision New Users on Device Login<\/a> and <a href=\"https:\/\/jumpcloud.com\/support\/configure-ade\">Automated Device Enrollment<\/a> to learn more.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Deleting the IdP<\/strong><\/h2>\n\n\n\n<p><strong>To delete the IdP:<\/strong><\/p>\n\n\n\n<ol>\n<li>From your <a href=\"https:\/\/console.jumpcloud.com\">JumpCloud Admin Portal<\/a>, click <strong>DIRECTORY<\/strong> <strong>INTEGRATIONS<\/strong> &gt; <strong>Identity Providers<\/strong>.<\/li>\n\n\n\n<li>At the bottom of the IdP Configuration page, under <strong>Delete Identity Provider<\/strong>, click <strong>Delete IdP<\/strong>.&nbsp;<\/li>\n\n\n\n<li>You\u2019ll be prompted to confirm your deletion, then click <strong>Yes, Delete<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Additional Resources:<\/strong><\/p>\n\n\n\n<p>Walk through a guided simulation for <a href=\"https:\/\/university.jumpcloud.com\/courses\/simulation-configure-okta-as-an-identity-provider\">Configuring Okta as an Identity Provider<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Integrate an existing Identity Provider (IdP) with JumpCloud to allow users to securely authenticate using their IdP credentials to gain [&hellip;]<\/p>\n","protected":false},"author":207,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2845],"support_tag":[3155],"coauthors":[2843],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Configure Okta as an Identity Provider - JumpCloud<\/title>\n<meta name=\"description\" content=\"Integrate Okta with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configure Okta as an Identity Provider\" \/>\n<meta property=\"og:description\" content=\"Integrate Okta with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-29T21:38:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"sashaharrington\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider\",\"url\":\"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider\",\"name\":\"Configure Okta as an Identity Provider - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-10-13T15:52:07+00:00\",\"dateModified\":\"2024-04-29T21:38:41+00:00\",\"description\":\"Integrate Okta with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Configure Okta as an Identity Provider\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Configure Okta as an Identity Provider - JumpCloud","description":"Integrate Okta with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider","og_locale":"en_US","og_type":"article","og_title":"Configure Okta as an Identity Provider","og_description":"Integrate Okta with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources.","og_url":"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider","og_site_name":"JumpCloud","article_modified_time":"2024-04-29T21:38:41+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes","Written by":"sashaharrington"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider","url":"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider","name":"Configure Okta as an Identity Provider - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-10-13T15:52:07+00:00","dateModified":"2024-04-29T21:38:41+00:00","description":"Integrate Okta with JumpCloud to allow users to securely authenticate using their IdP credentials to gain access to their managed resources.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/configure-okta-as-an-identity-provider#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Configure Okta as an Identity Provider"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/94783"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/207"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/94783\/revisions"}],"predecessor-version":[{"id":109662,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/94783\/revisions\/109662"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=94783"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=94783"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=94783"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=94783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}