Okta Single Sign On Configuration for BCS

This document walks through the configuration needed to enable SSO access for the BCS Application.

To fully configure Okta as an Identity Provider (IdP), some additional information will need to be provided after all BCS configuration has been completed.
  1. In Okta click on Applications > Applications
  2. Click Create App Integration
  3. Select OIDC - OpenID Connect
  4. Select Web Application
  5. Enter “BCS” (or any preferred name) in App integration name
  6. Enter the BCS redirect URL “https://bcs-phoenix-clients.auth.us-east-1.amazoncognito.com/oauth2/idpresponse” in the Sign-in redirect URIs
  7. Under Assignments you can optionally choose to Skip group assignments for now
    1. Note: The users added to this application will need to be determined by the
      customer performing this configuration
  8. Click Save
  9. Note the Client ID and the Client Secret. Both of these will need to be provided to BCS
    for final configuration
  10. Note the Okta well-known URI to provide to BCS for final configuration.
    1. The URI will be in this format:
      “YOUR_OKTA_DOMAIN.okta.com/.well-known/openid-configuration”
  11. The three values noted above will need to be provided to BCS for final configuration. The
    three values are:
    1. Client ID. Example: 0oaf12pcqaSUN28m65d7
    2. Client secret. Example:
      Xy9sPgdQ_YlJA6F4XC31Vu7DSMySQAblcjYrOcn-qP7n71AqgA-b8vhxARCWB_E_
    3. OpenID Connect metadata document. Example:
      https://dev-91444013.okta.com/.well-known/openid-configuration
  12. After BCS has been provided with the values, BCS will need to add configuration. Once BCS has
    been configured, a callback URL will be provided. Example:
    https://test-client-phoenix.auth.us-east-1.amazoncognito.com/oauth2/authorize?client_id=610db4b2s4a989vunqf42e0uvs&response_type=code&scope=email+openid&redirect_uri=https%3A%2F%2Fclient.getbcs.com%2Fcallback%2F610db4b2s4a989vunqf42e0uvs
  13. With the callback URL provided by BCS, proceed to the next steps to configure
    Identity Provider (IdP) initiated login
    1. Return to Applications > Applications
    2. Click the “BCS” application
    3. On the General tab click Edit in the General Settings section
    4. For the Login initiated by drop-down, choose Either Okta or App
    5. Check Display application icon to users and enter the BCS-provided callback URL in the Initiate login URI field.
    6. Click Save

  14. Assign users to the BCS application as desired and test to ensure they are able to log in
    successfully.
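
A sanity check for the URLs exchanged in steps 10 to 13, run before they are pasted into either side's configuration. This is an added example, not part of the BCS or Okta documentation: the function names are hypothetical, and the expected redirect host is taken from the example callback URL in step 12.

```python
from urllib.parse import parse_qs, urlsplit

WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"
# Example values copied from the steps above.
SAMPLE_METADATA_URL = "https://dev-91444013.okta.com/.well-known/openid-configuration"
SAMPLE_LOGIN_URL = (
    "https://test-client-phoenix.auth.us-east-1.amazoncognito.com/oauth2/authorize"
    "?client_id=610db4b2s4a989vunqf42e0uvs&response_type=code&scope=email+openid"
    "&redirect_uri=https%3A%2F%2Fclient.getbcs.com%2Fcallback%2F610db4b2s4a989vunqf42e0uvs"
)


def check_metadata_url(url):
    """Return problems found in the OpenID Connect metadata URL (step 10)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("metadata URL must use https")
    if not parts.path.endswith(WELL_KNOWN_SUFFIX):
        problems.append("metadata URL must end with " + WELL_KNOWN_SUFFIX)
    return problems


def check_initiate_login_uri(url, expected_redirect_host):
    """Return problems found in the BCS-provided callback URL (steps 12 and 13)."""
    problems = []
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # repeated parameters are collected into lists
    if parts.scheme != "https":
        problems.append("login URL must use https")
    if query.get("response_type") != ["code"]:
        problems.append("response_type must be exactly 'code'")
    if "openid" not in query.get("scope", [""])[0].split():
        problems.append("scope must include 'openid'")
    if len(query.get("client_id", [])) != 1:
        problems.append("exactly one client_id expected")
    redirects = query.get("redirect_uri", [])
    if len(redirects) != 1:
        problems.append("exactly one redirect_uri expected")
    else:
        target = urlsplit(redirects[0])
        if target.scheme != "https" or target.hostname != expected_redirect_host:
            problems.append("redirect_uri must be https on " + expected_redirect_host)
    return problems


if __name__ == "__main__":
    print(check_metadata_url(SAMPLE_METADATA_URL))
    print(check_initiate_login_uri(SAMPLE_LOGIN_URL, "client.getbcs.com"))
```

An empty list means the URL passed every check; a metadata URL given without the `https://` scheme is reported rather than silently accepted.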