Aiera supports Okta's OpenID based authentication. In order to map internal Okta based groups to Aiera organizations, you must add a few custom fields to the integration. Details are outlined below. These custom fields hide the details of your internal organization structure from Aiera, decoupling implementations.

Okta Setup

  1. Add a new web application called Aiera (under Applications, Add Application) ****https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Apps_Page.htm

    Application Configuration

  2. Add two new custom fields to user profiles for this application.

    1. Select Users/Profile Editor

      https://s3-us-west-2.amazonaws.com/secure.notion-static.com/bd1278b5-a4f2-4483-84e2-68e31820712a/Untitled.png

    2. Select Aiera User

    3. Add two new string attributes, aiera_org_key and aiera_org_name

    4. Set them both to required

  3. The application can now be assigned either to groups of users, or specific users. When assigning the application, Okta will ask you to assign the two new custom fields. Our recommendation, to keep things simple, would be to assign a unique application key/name to each Okta group you want to provide access.

  4. When a user attempts to login to Aiera via Okta

    1. If there is no organization found for the aiera_org_key a new organization is created based on the key and the aiera_org_name.
    2. If no users is found in Aiera's system, and new user is created and placed into the organization.

Aiera Setup

  1. Aiera will now need the Client ID and Client Secret from the Okta Aiera application page, under Client Credentials.
  2. Aiera also will need the applications Okta domain.
  3. Aiera can then fetch the OpenID configuration via https://{okta-domain}/.well-known/openid-configuration
  4. Aiera will provide you with a URL you can publish internally to login your users into Aiera via Okta. Example: https://auth.aiera.com/idp/login/{unique_code_provided_by_aiera}