Submit a Ticket My Tickets
Welcome
Login  Sign up
  1. CAKE
  2. Solution home
  3. Account Setup
  4. Third Party Integrations

How To Integrate OKTA (SSO) With CAKE

Luke Kadillak
Modified on: Tue, 18 Oct, 2022 at 8:06 AM

This article will cover:




What Is OKTA (SSO)?


OKTA is a cloud-based software that helps companies manage and secure user authentication into various web applications. Their software supports a process known as Single Sign On (SSO) which allows a user to log in with a single ID to multiple independent software systems.



What Do I Need Before I Can Integrate?


Before you can configure CAKE with your OKTA account, please be sure to first create CAKE as an OIDC app integration in OKTA. Next, you will need gather the following pieces of information from OKTA:


  1. Your OKTA Client ID(s) 
  2. Your OKTA Issuer URL



What Are The Two Integration Options?


CAKE provides the following two configuration options to our clients:


  1. Allow CAKE & OKTA Logins (Hybrid) or
  2. Allow OKTA Logins Only


Note:

The hybrid login model is recommended if would like to gradually roll out this new process to your CAKE admin portal. Alternatively, if you wish to use OKTA only, make sure all users who need to access the CAKE admin portal have already provided their OKTA Client ID or they will be locked out of the system.



How Do I Request The Integration Be Activated?


To integrate your CAKE account with OKTA, send a request to CAKE Support (support@getcake.com). In the email request, please specify:


  1. Your OKTA Client ID(s) 
  2. Your OKTA Issuer URL
  3. Your preferred Integration option


Our Support team will sync this information from our end with OKTA and notify you as soon as the integration connection is completed. This process can take 3-5 business days to complete.


What Does The Login Process Look Like Once Integrated?


Depending on the integration opinion you choose, the CAKE login screen will update as follows:


Option 1 - Hybrid. The Admin user will be presented with the standard CAKE username/password fields as well as a button to Login with OKTA.



Option 2 - OKTA Only. The Admin user will not be presented with any CAKE username/password fields. Only the Login with OKTA button will be displayed.



When a user clicks the Login with OKTA button, they will always be redirected to the OKTA Login page:




How Do I Add New Users To CAKE?


Once OKTA is enabled, new users/existing user can only be added/edited via two new CAKE APIs.


  • Add Users: https://[ClientAdminDomain.com]/okta/users
  • Edit Users: https://[ClientAdminDomain.com]/okta/users/{ID}


Note:

Users cannot modify behavior of the login since OKTA controls this now. The following features will be hidden from the CAKE UI once OKTA is enabled:

  • Remove Password
  • Disable Login
  • Change Password
  • Forgot Password
  • Add User



FAQ


Can I use MFA and SSO at the same time?

   No, if you have MFA enabled and integrate with OKTA, OKTA will be the



You may also be interested in:

  • Related article one (hyperlinked)

  • Related article two (hyperlinked)

  • Related article three (hyperlinked)







Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Related Articles