Using Okta as an Identity Provider for password reset

Chris Dakin

If you want to use Okta as your authentication source for performing password resets through LogonBox, this article will show you how to set it up.

To do this, we will use SAML 2.0, with LogonBox acting as the Service Provider (SP) and Okta as the Identity Provider (IdP). The user is redirected to Okta to sign in, and Okta returns a signed SAML assertion to LogonBox identifying the user by email address.

 

Okta configuration

Log in to your Okta admin console, expand Applications in the left menu and click on Applications.

Click Create App Integration.

 

Select SAML 2.0 and click Next.

 

Give the new app a name, such as LogonBox and optionally upload a logo and click Next.

 

For the Single sign-on URL, enter https://<logonboxserver>/app/api/saml/process, replacing <logonboxserver> with the hostname of your LogonBox server. This is the Assertion Consumer Service (ACS) endpoint that Okta will post the SAML response to, so it must be the exact external hostname users reach LogonBox on.

Set the Entity ID (labelled Audience URI (SP Entity ID) in Okta) to https://<logonboxserver> in the same way.

Set Name ID format to EmailAddress. The value Okta puts in the NameID is the application username, which defaults to the Okta username; this must be the user's email address, because LogonBox uses it to match the Okta user to a local account.

The rest of the settings can be left as default, scroll down and click Next.

 

Select 'I'm an Okta customer adding an internal app' and click Finish.

 

Click on View Setup Instructions.

 

Copy the Identity Provider Single Sign-On URL and the Identity Provider Issuer.

Click Download certificate to get the cert.

We can now use these three items of information to configure the LogonBox server: the Issuer identifies Okta, the Single Sign-On URL is where LogonBox redirects users, and the certificate is what LogonBox uses to verify the signature on Okta's SAML responses.

 

Finally, in the Assignments tab, click Assign and assign the users and/or groups who should be allowed to use this application. Only assigned users can authenticate through it; anyone else will receive an error from Okta. You can then close the Okta admin console and log off your account.

 

LogonBox Configuration

Now LogonBox can be configured to use Okta for User Login, Password Reset, Account Unlock or any combination.

This article will cover Password Reset specifically, but the same steps apply for the other authentication flows.

Log on to your LogonBox server with your admin account and navigate to Authentication Flows.

Click the Edit icon next to the Password Reset authentication scheme.

 

On a new system this flow would currently contain Username followed by User Selective 2FA. Delete both of these modules with the delete icon on the module. Note that the strength of the reset flow then rests entirely on how Okta authenticates the user, so make sure the Okta sign-on policy for this application enforces MFA.

 

Now add the orange SAML module, then click the edit icon on the module.

 

For Entity ID, paste the Identity Provider Issuer that was copied from the Okta configuration earlier.

For Sign-in URL and Sign-out URL, paste the Identity Provider Single Sign-On URL that was copied earlier. Okta does not provide a separate sign-out URL for this app unless Single Logout is enabled, so the same URL is used for both.

For Certificate, click Choose file and select the certificate file downloaded earlier. LogonBox will reject any SAML response that is not signed by this certificate, so if the signing certificate for the Okta app is later rotated, upload the new one here.

Click Apply to save the changes.

 

Finally, click Save at the bottom of the page to save the Password Reset flow.

Your LogonBox server is now configured to delegate authentication for the Password Reset flow to Okta.
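Before testing, it is worth confirming that what Okta actually sends matches the values pasted above. The script below is an added example, not part of LogonBox or Okta. It takes a SAMLResponse captured from the browser (the base64 form POSTed to /app/api/saml/process, visible in the network tab or a SAML tracer extension), decodes it, and checks the Issuer against the LogonBox Entity ID, the Destination and Recipient against the Single sign-on URL given to Okta, the Audience against the SP Entity ID, the NameID format, the validity window and the signing certificate. The hostname, Issuer and certificate in CONFIG are placeholders; substitute your own. It does not verify the XML signature itself (that needs an XML-DSig library); LogonBox performs that check with the uploaded certificate.

```python
import base64
import sys
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# The values entered in Okta and in the LogonBox SAML module. Hostname, Issuer
# and certificate are placeholders (assumptions); substitute your own.
CONFIG = {
    "sp_entity_id": "https://logonbox.example.com",                  # Okta: Audience URI (SP Entity ID)
    "acs_url": "https://logonbox.example.com/app/api/saml/process",  # Okta: Single sign-on URL
    "idp_issuer": "http://www.okta.com/exkPLACEHOLDER",              # LogonBox: Entity ID
    "idp_cert": "MIICPLACEHOLDERBASE64",                             # LogonBox: Certificate
}

def _saml_time(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T10:00:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def _norm_cert(text):
    """Reduce a PEM file or bare base64 blob to its payload so the two compare equal."""
    return "".join(l.strip() for l in text.splitlines() if not l.strip().startswith("-----"))

def decode_saml_response(b64):
    """Okta's HTTP-POST binding sends the Response as plain base64 (not deflated)."""
    return base64.b64decode(b64).decode("utf-8")

def check_response(xml_text, config, now):
    """Return the mismatches between a SAML Response and the configuration.
    An empty list means every value LogonBox compares is consistent. The XML
    signature itself is NOT verified here; LogonBox does that with the cert."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    if root.get("Destination") != config["acs_url"]:
        problems.append("Destination != Single sign-on URL given to Okta")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plaintext saml:Assertion (encrypted assertions not handled)")
        return problems
    issuer = (assertion.findtext("saml:Issuer", "", NS) or "").strip()
    if issuer != config["idp_issuer"]:
        problems.append("Issuer %r != Entity ID configured in LogonBox" % issuer)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != config["acs_url"]:
        problems.append("Recipient != Single sign-on URL given to Okta")
    elif scd.get("NotOnOrAfter") and now >= _saml_time(scd.get("NotOnOrAfter")):
        problems.append("SubjectConfirmationData has expired")
    cond = assertion.find("saml:Conditions", NS)
    audience = (cond.findtext("saml:AudienceRestriction/saml:Audience", "", NS) or "").strip() if cond is not None else ""
    if audience != config["sp_entity_id"]:
        problems.append("Audience %r != Entity ID given to Okta" % audience)
    if cond is not None and cond.get("NotBefore") and cond.get("NotOnOrAfter"):
        if not _saml_time(cond.get("NotBefore")) <= now < _saml_time(cond.get("NotOnOrAfter")):
            problems.append("assertion validity window does not include the current time")
    cert = root.findtext(".//ds:X509Certificate", "", NS) or ""
    if _norm_cert(cert) != _norm_cert(config["idp_cert"]):
        problems.append("signing certificate in response != certificate uploaded to LogonBox")
    return problems

SAMPLE_NOW = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
# Constructed sample, not captured from a real tenant; the Signature is reduced to
# its KeyInfo because only the certificate is compared above.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="id1" Version="2.0" IssueInstant="2024-05-01T10:00:00.000Z" Destination="{CONFIG['acs_url']}">
  <saml:Issuer>{CONFIG['idp_issuer']}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="id2" Version="2.0" IssueInstant="2024-05-01T10:00:00.000Z">
    <saml:Issuer>{CONFIG['idp_issuer']}</saml:Issuer>
    <ds:Signature xmlns:ds="{NS['ds']}"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{CONFIG['idp_cert']}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-05-01T10:05:00.000Z" Recipient="{CONFIG['acs_url']}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:55:00.000Z" NotOnOrAfter="2024-05-01T10:05:00.000Z">
      <saml:AudienceRestriction><saml:Audience>{CONFIG['sp_entity_id']}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":  # usage: python3 check_saml.py captured_response.b64
    with open(sys.argv[1]) as f:
        xml_text = decode_saml_response(f.read().strip())
    for line in check_response(xml_text, CONFIG, datetime.now(timezone.utc)) or ["OK"]:
        print(line)
```

Each reported line maps to one field in the configuration above: an Issuer mismatch means the wrong value was pasted into the LogonBox Entity ID, a Destination or Recipient mismatch means the Single sign-on URL in Okta does not match the hostname users actually reach LogonBox on, and a certificate mismatch means the file uploaded to LogonBox is not the one the Okta app is currently signing with.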

 

Testing

Prerequisite: You must have a user configured on your LogonBox server whose email address matches an Okta account that is assigned to the application. LogonBox matches the Okta user to the local account by the email address in the NameID, so anyone who can sign in to that Okta account can reset the matching LogonBox password; keep the email attribute in both directories under administrative control.

From the main portal, click Reset Password.

 

Click Next to start the authentication process.

 

You are redirected to your Okta sign-in page. Enter your Okta user credentials (and complete any MFA prompt your Okta policy requires) and click Sign in.

 

You are then redirected back to LogonBox to complete the authentication.

 

You are now presented with a password reset prompt. Enter and confirm your new password, then click Change Password.

 

Your password has now successfully been changed.