Forecasts integration with Okta allows you to use Okta for user provisioning service when accessing Forecast. This means that your Forecast account will have an extra layer of security. In order to make use of the integration please make sure that your email in Forecast is the same as the one in Okta. Below the article will walk you through how to set up your Okta.
If you are looking for User provisioning with Okta, see Okta Integration: User Provisioning Setup.
This article includes:
Configuring Single Sign-on in Okta
To configure the Single sign-on in Okta.
Go to the Profile section of Okta.
Go to Assign Applications
- Under Assign Applications, Click Add Application
- Click on Create New App
- Select OpenID Connect and click Create.
- Name the application Forecast and upload the picture located here: https://app.forecast.it/forecast_logo_okta.png
- Set Login redirec URIs to graphql.forecast.it/okta/oauth
- Click Save.
- Edit General Settings and fill in the details as listed below.
- Click Save.
- Copy the “Client ID” and “Client secret”. These are required in Forecast.
This will finalize the process in Okta and you can now move on with configuring the SSO in Forecast.
Configuring Single Sign-on in Forecast
Once everything is configured in Okta you will then be able to proceed with configuring the SSO in Forecast.
To configure the SSO in Forecast
- Click on your profile icon in the top right corner of the screen from anywhere on the platform.
- Click on Admin. This will take you to the Admin panel.
- While on the Admin panel click on the Integrations tab.
- Scroll to the SSO section of the page and click on Okta.
- Fill in your “Okta account URL”, “Application client-id” and “Application client secret”.
- Click Save to finalize the process.
The SSO is now set up on both platforms.
Assign users to single sign-on with Okta
Once the configuration is done you can begin assigning users to the single sign-on in Okta.
To assign users to single sign-on in Okta
- In the Admin Console, go to Directory>People.
- Click Add Person.
- Select a user type in the User type list or accept the default.
- Complete these fields:
- First name— Enter the user's first name.
- Last name— Enter the user's last name.
- Username— Enter the user's user name in email format.
- Primary email— Enter the user's primary email if it's different from their username.
- Secondary email— Optional. Enter a secondary email to allow the user to access information when their primary email is unavailable.
- Groups— Optional. Enter the groups to which the user belongs.
- Password— Select Set by user to allow the user to set their password, or select Set by admin and enter a password.
- Send user activation now- Optional. This check box is available when Set by user is selected as the password option. Select this check box to send a user activation email to the user.
- User must change password on first login— Optional. This check box is selected by default when you select Set by admin as the password option. Clear this check box if you do not want the user to change their password when they first sign in.
- Click Saveor click Save and Add Another to add another user.
Once this is done and the emails of the users match on both platforms, the users will have to log into Forecast by using the Okta option on the Forecast log-in page.
Switching authentication types
If a user is not included in the Okta single sign-on they will still be able to log into Forecast with their regular email and password.
Another thing to keep in mind is that if you decide to switch to a different SSO, it is necessary to contact Forecast support as we must first disable the integration to the previous SSO integration that you were using.