Logging in with SSO through Okta

All Lumopath users have the ability to configure a default Identity Provider to power Single Sign On (SSO). This article details how to configure Okta as the primary Identity Provider to facilitate SSO with the Lumopath application.

Supported Features

• Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Lumopath.
• Automatic account creation in Lumopath on initial SSO.

Requirements

In order to proceed with configuring login with SSO through Okta, you must:

• Have access to an Okta tenant
• Be an Okta administrator to that tenant

If you have trouble during any step, please email support@lumopath.ai for assistance.

Configuration Steps

The following documents the configurations for setting up the OIDC integration between Lumopath and Okta. Okta is the Identity Provider (IDP) and depending on the use case, the user will be redirected to Okta for authentication if no session has been established.

Step One: Add the Lumopath App to Okta

1. Login to your organization’s Okta tenant.
2. Navigate to Applications > Applications > Browse App Catalog
3. Search for Lumopath, and then click Add Integration.
4. Enter an Application Label in General Settings. This is the name under which the Lumopath app will appear in your Okta dashboard.
5. Click Done.

Step Two: Gather Information from Okta

1. In the Okta admin page, click on the Lumopath application and then navigate to the General tab.
2. Copy the values of Client ID and Client Secret (click the eye button to toggle the visibility).
3. On the Sign On tab, look for the Issuer. Alternatively, in the top right of the Okta dashboard, click on the section with your email address and company name. This should open a popup menu with your name, email address, and an Okta domain. Please copy this domain name. (In the screenshot below, the domain name will be dev-redacted.okta.com.)

Once you have all the information (summarized below), email them to support@lumopath.ai:

• Client ID
• Client Secret
• Issuer / Okta domain

We will handle your request and get back to you once the integration is configured.

Step Three - Assign Users

1. Before leaving Okta, ensure you have given yourself and any other target users access to the Lumopath application. You can do this by going to Applications > Lumopath > Assignments and then assigning to either the target people or group.

1. Leveraging Federation Broker Mode or Groups is recommended to assign access. If assigning access to People, ensure the User Name is a valid email.

2. Assigned users will now be able to log into Lumopath via SSO through the Lumopath app at https://app.lumopath.ai/. Users will not be able to access Lumopath from their Okta dashboard/tiles. Keep in mind, accounts won't be created in Lumopath until the initial SSO login.

If you experience any issues or have any questions, please reach out to support@lumopath.ai.

Notes

Permissions

Lumopath’s integration with Okta leverages Okta only for authentication. To assign permissions for Lumopath, users must do so directly within Lumopath or by emailing support@lumopath.ai.