Okta as an Identity Provider


Using Okta as an identity provider streamlines the login experience for you and your team.

Prerequisites

To proceed with configuring login with SSO through Okta, you must:

  • Have administrator access to an Okta organization
  • Have administrator access to a DNSimple account
  • Have the Okta integration feature enabled on your DNSimple account

Supported Features

  • SP-initiated Single Sign-On (SSO): This authentication flow occurs when the user attempts to log in to DNSimple from Okta.
  • Import Users: Manage who can access your DNSimple account by assigning users to the Okta application.
  • Single Log Out (SLO): Users can log out of their DNSimple session by logging out of their Okta session.

Logging in via Okta

You’ll need to link an Okta organization to your DNSimple account before your team members can log in via Okta SSO.

Once an Okta organization is linked to a DNSimple account, any member of the Okta organization can request access to the DNSimple account by attempting to log in via Okta using the respective Okta domain.

Once they are granted access, they can log in directly via Okta. If the user logs out of Okta, they will be logged out of DNSimple.

Linking an Okta organization to a DNSimple account

Follow the instructions below to connect DNSimple to your Okta organization.

Adding the DNSimple App to Okta

DNSimple’s Okta app integration is pending review and not yet available for installation via the Okta Integration Network. For now, you can use Okta as an Identity Provider by creating your own custom Okta app integration to work with DNSimple by following these steps:

  1. Log in to your organization’s Okta dashboard as an administrator.
  2. Go to the page, then click Create App Integration.
  3. Select as the Sign-in method and as the Application type.
  4. Enter “DNSimple App Integration” or something appropriate for the field.
  5. Under , uncheck “Client Credentials” and keep “Authorization Code” as the only option checked.
  6. Under , add the URIs:
    • https://dnsimple.com/identity_providers/okta/callbacks/users/login
    • https://dnsimple.com/identity_providers/okta/callbacks/accounts/link
    • https://dnsimple.com/identity_providers/okta/callbacks/users/link
  7. Under
  8. Under , select “Skip group assignment for now”.
  9. Click
  10. You should be redirected to the viewing page for the newly created “DNSimple App Integration”.
  11. Note your Client ID, Client Secret, and Okta domain. You’ll need them when configuring DNSimple for Okta SSO.
  12. Click the
  13. From the page, you can give users and groups from your Okta directory permission to sign in to DNSimple via Okta as an identity provider.
  14. Click the tab.
  15. Look for the okta.eventHooks.manage and okta.eventHooks.read scopes, and click for each of them.
  16. Verify the okta.eventHooks.manage and okta.eventHooks.read scopes have been granted.

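To confirm the finished app integration matches the steps above, the following added example (not DNSimple's or Okta's own code) audits an exported app object against the grant type, redirect URIs and scopes listed in this section. It assumes the app JSON follows the Okta Apps API layout (settings.oauthClient), that the granted scope names are supplied as a plain set, and, as a least-privilege assumption of this example, that anything beyond what the steps list is a finding; the sample data is constructed.

```python
from urllib.parse import urlsplit

# Redirect URIs and scopes exactly as listed in the steps above.
EXPECTED_REDIRECTS = {
    "https://dnsimple.com/identity_providers/okta/callbacks/users/login",
    "https://dnsimple.com/identity_providers/okta/callbacks/accounts/link",
    "https://dnsimple.com/identity_providers/okta/callbacks/users/link",
}
EXPECTED_SCOPES = {"okta.eventHooks.manage", "okta.eventHooks.read"}

def audit_app(app: dict, granted_scopes: set) -> list:
    """Return a list of findings; an empty list means the app matches the steps."""
    findings = []
    oauth = app.get("settings", {}).get("oauthClient", {})
    grants = set(oauth.get("grant_types", []))
    if grants != {"authorization_code"}:
        findings.append(f"grant types should be authorization_code only, got {sorted(grants)}")
    redirects = set(oauth.get("redirect_uris", []))
    for uri in sorted(redirects - EXPECTED_REDIRECTS):
        scheme = urlsplit(uri).scheme
        reason = "non-HTTPS" if scheme != "https" else "wildcard" if "*" in uri else "unexpected"
        findings.append(f"{reason} redirect URI: {uri}")
    for uri in sorted(EXPECTED_REDIRECTS - redirects):
        findings.append(f"missing redirect URI: {uri}")
    for scope in sorted(EXPECTED_SCOPES - granted_scopes):
        findings.append(f"scope not granted: {scope}")
    for scope in sorted(granted_scopes - EXPECTED_SCOPES):
        findings.append(f"extra scope granted: {scope}")
    return findings

# Constructed sample: an app object shaped like an Okta Apps API export,
# deliberately misconfigured to show each kind of finding.
SAMPLE_APP = {
    "label": "DNSimple App Integration",
    "settings": {"oauthClient": {
        "grant_types": ["authorization_code", "client_credentials"],
        "redirect_uris": [
            "https://dnsimple.com/identity_providers/okta/callbacks/users/login",
            "https://dnsimple.com/identity_providers/okta/callbacks/accounts/link",
            "http://localhost:3000/callback",
        ]}},
}
SAMPLE_SCOPES = {"okta.eventHooks.read", "okta.users.manage"}  # constructed

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, SAMPLE_SCOPES):
        print("FINDING:", finding)
```
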
Configuring DNSimple for Okta SSO

  1. At DNSimple, go to the page, and click the tab.
  2. Click to authorize the Workspace.
  3. Fill in the Okta domain, client ID, and client secret, then click
  4. After logging in via Okta, you will arrive back on the DNSimple Single Sign-On page with Okta SSO enabled for the account.
  5. Repeat the process for each account where you want Okta SSO enabled.

When configuring Okta SSO, DNSimple creates an event hook in the Okta organization to listen and react to membership changes. If multiple configurations are made to the same Okta organization, only a single hook is created.

If the Okta app is no longer linked (e.g. access token is revoked or event hook removed), you can re-link the Okta application using the “Reauthorize with Okta” button.

Assigning People or Groups

To give people access to DNSimple, click “Assignments” under the configured DNSimple app in your Okta dashboard. Click “Assign”, and select the appropriate users.

If an assigned user does not already have a matching DNSimple user with the same email address, a DNSimple user will be provisioned for them, and the DNSimple account admin will receive a notification that they have been added.

If an assigned user already exists, they will need to link their DNSimple user to their Okta identity on the User Settings page within DNSimple before they can log in to DNSimple with their Okta identity.

Team members can now log in with their Okta identity. When you delete or suspend a team member in your company’s Okta organization admin, that member’s DNSimple access is revoked automatically, reducing the administration requirements for your organization.

Access control

You can set the level of DNSimple access for each member by visiting the Account > Members tab in your DNSimple account. For full details, visit Domain Access Control.

If you experience any issues or have any questions, please reach out at support@dnsimple.com.

Unlinking an Okta organization from a DNSimple account

  1. Go to the page, and click the tab.
  2. Click next to the SSO Workspace you want to remove.

Linking a DNSimple user to an Okta identity

When a DNSimple user exists in a DNSimple account before SSO is enabled, they will be required to link their Okta identity to verify ownership of both DNSimple and Okta user accounts. To link a DNSimple user to an Okta identity:

  1. Go to the User Settings page.
  2. In the Identities card, click next to the Okta identity provider.
  3. Authenticate your Okta account.
  4. You can now log in to DNSimple using the linked Okta identity.

Unlinking a DNSimple user from an Okta identity

  1. Go to the User Settings page.
  2. In the Identities card, click next to the linked identity.