See how Ramp uses ConductorOne
ConductorOne

ConductorOne Docs

Set up ConductorOne using Okta SSO

When setting up ConductorOne, configure an Okta OpenID Connect (OIDC) app for single sign-on (SSO) access to the application.

Step 1: Create a ConductorOne account

  1. Follow the instructions in Create an account.
  2. Click Sign up with Okta.

A new paged titled Setting up Okta to work with ConductorOne opens. Leave this page open, and open a new browser tab to create your ConductorOne OIDC application in Okta. Once the Okta application is set up, you’ll return to this registration page to complete ConductorOne signup.

Step 2: Create an OIDC application in Okta

  1. In a new browser tab, navigate to the Okta admin panel and click Applications > Applications.

  2. Click Create App Integration.

  3. In the Sign-in method area, select OIDC - Open ID Connect.

  4. In the Application type area, select Web Application.

  5. Click Next.

  6. On the New Web App Integration page, enter the following information in the specified fields:

    • App integration name: ConductorOne

    • Logo (Optional):

      ConductorOne logo
      Right click to copy.

    • In the Grant Type area:

      • Under Client acting on behalf of itself:

        • Uncheck Client Credentials
      • Under Client acting on behalf of a user:

        • Check Authorization Code
        • Check Refresh Token
        • Uncheck Implicit (Hybrid)
        The New Web App Integration page showing the Grant type section filled out for a ConductorOne app.

        Here's how the General Settings section should look when filled out.

  7. In the Sign-in redirect URIs field, enter https://accounts.conductor.one/auth/callback

  8. Clear the value from the Sign-out redirect URIs field.

  9. Optional. If you want to utilize a login URL to trigger an IDP-initiated flow:

    1. Enter https://<DOMAIN>.conductor.one/login?sso_operation=initiate_login in the Initiate login URI field.
    2. Check Implicit (hybrid) in the Grant type area of the page.
  10. Optional. The Trusted Origins field is not used by ConductorOne.

  11. Optional. Add the initial users allowed to access ConductorOne to the Assignments field.

  12. Click Save.

Step 3: Copy Okta application auth details to ConductorOne

Now that the OIDC app is created, retrieve the Client ID and Secret and add that information to the Setting up Okta to work with ConductorOne page. To complete this step you’ll move back and forth between your Okta tab and the ConductorOne registration tab.

  1. In Okta, if necessary, click Applications > Applications > ConductorOne to return to the new ConductorOne application’s details screen.

  2. In Okta, copy your Okta domain (such as acmeco.okta.com) from the browser’s address bar.

  3. In ConductorOne, paste your Okta domain into the Okta Domain field.

  4. In Okta, copy the ConductorOne app’s Client ID by clicking the Copy to clipboard icon.

  5. In ConductorOne, paste the Client ID into the Client ID field.

  6. In Okta, copy the ConductorOne app’s Client Secret by clicking the Copy to clipboard icon.

  7. In ConductorOne, paste the Client Secret into the Client Secret field.

  8. In ConductorOne, click Sign up with Okta.

That’s it! Okta will now guide you through the SSO sign-in process and redirect you to the ConductorOne dashboard.

Display the ConductorOne app on the Okta dashboard

Users click the ConductorOne app on their Okta end user dashboard to be signed in and authenticated to ConductorOne.

To display the ConductorOne app on the Okta end user dashboard:

  1. Log into the Okta portal as an Admin.
  2. Navigate to Okta admin > Applications > ConductorOne.
  3. Click the General tab. Scroll to General Settings and click Edit.
  4. In the Grant type area, check Implicit (hybrid). Leave Allow ID Token with implicit grant type checked.
  5. Set Login initiated by to Either Okta or App.
  6. In the Application visibility area, check Display application icon to users.
  7. In the Initiate login URI field, enter https://<YOUR TENANT>.conductor.one/login?sso_operation=initiate_login
    • Validate this URL by navigating to it directly. If you are not logged in to ConductorOne, a valid URL will redirect you to the single sign-on screen.
  8. Click Save.

Alternatively, you can create a Bookmark App integration in Okta by following the instructions in the Okta documentation: Create a Bookmark App integration.

Enter https://<YOUR TENANT>.conductor.one/login?sso_operation=initiate_login as the URL for the sign-in page for ConductorOne.