Thinkific Okta SSO Integration
miniOrange provides a ready-to-use solution for Thinkific. This solution lets you roll out secure access to Thinkific using Okta within minutes. Okta, acting as the IDP (Identity Provider), helps you log in to Thinkific.
Connect with External Source of Users
miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, OpenLDAP, AWS, etc.), Identity Providers (like Microsoft Entra ID, Okta, AWS), and many more. You can configure your existing directory/user store or add users in miniOrange.
Prerequisites
Follow the step-by-step guide given below for Thinkific Single Sign-On (SSO) with Okta.
1. Configure Okta as IDP
Configuring miniOrange as Service Provider (SP) in Okta
- Log in to Okta.
- In the Okta Developer site, navigate to Applications > Applications.
- Click on Create App Integration. A popup with sign-on methods is shown. Select SAML 2.0 and click on Next.
- Enter an appropriate App name, then click Next.
- For the above SAML configuration, you need to get the Entity ID and ACS URL from miniOrange.
- Go to the miniOrange Dashboard. In the left navigation menu, click on Add Identity Providers >> Add Identity Provider.
- Now click on the Click here link to get the miniOrange metadata, as shown in the screen below.
- In the SP-INITIATED SSO section, select Show Metadata Details.
- Enter the values in Okta based on the table below. All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard. Refer to the previous step on how to get to that page.
| Single sign on URL | ACS URL copied from the miniOrange metadata section mentioned in the previous step. |
| Audience URI (SP Entity ID) | Entity ID or Issuer copied from the miniOrange metadata section mentioned in the previous step. |
For SLO configuration (optional)
- For SLO configuration in Okta, go to the Configure SAML page and click Show Advanced Settings.
- Enter the values in Okta based on the table below. All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard. Refer to the previous step on how to get to that page.
| Encryption Certificate | This is optional |
| Enable Single Logout | Enable the check box to Allow application to initiate Single Logout |
| Single Logout URL | Single Logout URL as mentioned in the Metadata Section |
| SP Issuer | Entity ID or Issuer as mentioned in the Metadata Section |
| Signature Certificate | X.509 Certificate can be downloaded from the Metadata Section |
- Click Next.
- Add an Attribute Statement and a Group Attribute Statement if required, and click on Next.
- Select the Okta Configuration type and click on Finish.
- Navigate to the Assignment tab in Okta. Click on Assign and select Assign to People. Select the user from the popup and click on Done. You can also assign groups if required.
Configure Okta as Identity Provider (IDP) in miniOrange
- Go to miniOrange Admin Console.
- From the left navigation bar select Identity Provider. Select SAML.
- Now navigate to the Sign on tab in Okta and select View Setup Instructions. This opens a new tab that contains the Single Sign-On URL, Single Logout URL, Identity Provider Issuer and X.509 Certificate. Copy these values; they are required for adding the Identity Source in miniOrange.
- Enter an appropriate IdP Name. Also add the following details:
| IdP Entity ID | Identity Provider Issuer from Okta |
| SAML SSO Login URL | Identity Provider Single Sign-On URL from Okta |
| X.509 Certificate | X.509 Certificate from Okta |
| Single Logout URL [Optional] | Single Logout URL from Okta |
- A few other optional features that can be added to the Identity Provider (IDP) are listed in the table below:
| Domain Mapping | Can be used to redirect specific domain user to specific IDP |
| Show IdP to Users | Enable this if you want to show this IDP to all users during Login |
| Send Configured Attributes | Enabling this would allow you to add attributes to be sent from IDP |
- Click on Save.
Test IDP Connection
- Go to the Identity Providers tab.
- Click on the Select >> Test Connection option against the Identity Provider you configured.
- On entering valid Okta credentials, you will see a pop-up window, as shown in the screen below.
- Your configuration of Okta as IDP in miniOrange is now successfully completed.
2. Setup Thinkific as SP
- Log in to the miniOrange Admin Console.
- Go to Apps and click on the Add Application button.
- Select JWT App, then click on Thinkific.
- In the Add Apps tab, enter the values and click on Save.
| Custom Application Name | Choose appropriate name according to your choice. |
| Description | Add appropriate description according to your choice. |
| Redirect-URL | https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt= |
- To configure the App Secret, go to Edit against your configured app: Apps >> Select your app >> Edit.
| App Secret | The API key fetched from Thinkific dashboard |
| Signature Algorithm | Choose HS256 |
- Click on Save.
- Now you can access your Thinkific account using IDP credentials through the Single Sign-On URL, as shown in the image above.
3. Test SSO Configuration
- Log in to your Thinkific account.
- On the Dashboard, click on the Design your site -> Theme library option.
- Click on the three dots, as shown in the image below, and select the EDIT CODE option from the dropdown.
- Now click on the Snippets link, search for the meta_tag option and click on it.
- Add the Single Sign-On URL in the format shown in the image (you will get this URL from step 1) and click on the Save button.
- Go to your Thinkific URL and click on the SIGN IN button, which will redirect you to the miniOrange IdP Sign On Page.
- On accessing the Single Sign-On URL as mentioned in the second step, you will be asked to enter your Okta credentials.
- On entering valid credentials, you will be successfully logged into Thinkific.
- Log in to Okta using your credentials.
- Click on Admin to access the Admin Console, then click on Applications.
- Click on Add Application, search for "Bookmark App", and click Add in the left pane.
- Choose an app name of your choice, which will be the display name.
- In the URL section, enter the SSO URL that is given in the JWT app.
- Click on Save.
- On the End-User Dashboard, click on the Thinkific bookmark application you configured to test the SSO flow.
- You will be successfully logged into Thinkific.