How to set up SSO with Okta

When connecting Okta to Bucketlist for the first time, you will need to create an application in Okta and then enter some of its details in the Bucketlist integration section.

Creating and configuring the application in Okta:

1. In the 'Applications' menu, click 'Add Application'

2. Choose 'Web', then click 'Next'

3. In the Application Settings screen, enter the following information:

  • Name: Bucketlist
  • Base URIs:
    • If your platform is on the US server (your URL ends in bucketlist.org), use this Base URI: https://your-subdomain.bucketlist.org/
    • If your platform is on the CAD server (your URL ends in bucketlistrewards.ca), use this Base URI: https://your-subdomain.bucketlistrewards.ca/
    • Note that a company located in Canada may still have its platform on the US server. If you are unsure which server you are on, check the end of your Bucketlist URL or confirm with your Customer Onboarding Manager.
  • Login redirect URIs:
    • US server (bucketlist.org): https://your-subdomain.bucketlist.org/oidc/callback/
    • CAD server (bucketlistrewards.ca): https://your-subdomain.bucketlistrewards.ca/oidc/callback/
    • Enter the URI exactly as shown, including the trailing slash: Okta only redirects to a URI that matches the registered value exactly.
  • Click 'Done'

4. In the 'General' section of the newly created app, click 'Edit' and add these settings:

  • Logout redirect URIs:
    • US server (bucketlist.org): https://your-subdomain.bucketlist.org/
    • CAD server (bucketlistrewards.ca): https://your-subdomain.bucketlistrewards.ca/
  • Take note of the client credentials (Client ID and Client secret). The client secret is the password for this integration: paste it only into the Bucketlist integration settings, and do not send it by email or in a ticket.
  • Click 'Save'

5. Go to the 'API > Authorization Server' screen

  • Open the 'default' authorization server ('Add Authorization Server' is only needed if your org does not have one yet)
  • Click the 'Claims' menu and then the 'Add Claim' button

6. Add two claims. The first:

  • Name: first_name
  • Include in token type: ID Token, Userinfo / id_token request
  • Value type: Expression
  • Mapping: (appuser != null) ? appuser.user.firstName : app.user.firstName
  • Include in: Any scope

7. And the second claim:

  • Name: last_name
  • Include in token type: ID Token, Userinfo / id_token request
  • Value type: Expression
  • Mapping: (appuser != null) ? appuser.user.lastName : app.user.lastName
  • Include in: Any scope

Bucketlist uses these claims to populate the user's first and last name on first login, depending on your configuration. If your user list is already provisioned from another source, you may not need them.

8. Once you have created everything in Okta, follow these instructions to enter your Okta client credentials in Bucketlist.
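The following is an added example, not Bucketlist's or Okta's own code. It shows the relying-party side of the configuration above: the exact URIs registered in steps 3 and 4, the exact-match rule Okta applies to redirect URIs, an authorization request that carries state and nonce, and the checks a relying party runs on the ID token's claims before trusting the first_name and last_name claims added in steps 6 and 7. The Okta org "example.okta.com", the client ID, and the sample token payload are constructed for this example.

```python
# Added example (not Bucketlist's or Okta's code): relying-party side of the
# Okta OIDC configuration described in the article. The org name, client id and
# sample token payload below are constructed assumptions.
import secrets
import time
from urllib.parse import urlencode

# Hosts named in the article; which one applies depends on the server your platform is on.
BASE_HOSTS = {"US": "bucketlist.org", "CAD": "bucketlistrewards.ca"}

# Issuer URL of Okta's 'default' custom authorization server (org name is an assumption).
ISSUER = "https://example.okta.com/oauth2/default"
CLIENT_ID = "0oa-example-client-id"  # constructed; in practice the Client ID noted in step 4


def bucketlist_uris(subdomain: str, server: str) -> dict:
    """Exact URIs to enter in the Okta application (steps 3 and 4)."""
    base = f"https://{subdomain}.{BASE_HOSTS[server]}/"
    return {"base": base, "login_redirect": f"{base}oidc/callback/", "logout_redirect": base}


def redirect_uri_allowed(candidate: str, registered: set) -> bool:
    """Okta compares redirect URIs by exact string match: scheme, host, path and the
    trailing slash all count. A relying party should apply the same rule; prefix or
    substring matching lets attacker-controlled hosts through."""
    return candidate in registered


def build_authorize_url(redirect_uri: str, state: str, nonce: str) -> str:
    """Authorization-code request. state binds the callback to this browser session;
    nonce is echoed back inside the ID token and ties the token to this request."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid profile email",
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"


def validate_id_token_claims(claims: dict, expected_nonce: str, now: float = None, leeway: int = 60) -> dict:
    """Checks on the decoded ID-token payload. The RS256 signature must already have been
    verified against the authorization server's jwks_uri; that step is not shown here."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if CLIENT_ID not in aud:
        raise ValueError("token was not issued for this client")
    if claims.get("exp", 0) + leeway < now:
        raise ValueError("token expired")
    if claims.get("iat", now) - leeway > now:
        raise ValueError("token issued in the future")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    # Custom claims from steps 6 and 7; they are absent when the org did not add them.
    return {"sub": claims["sub"], "first_name": claims.get("first_name"), "last_name": claims.get("last_name")}


# Constructed sample payload, shaped like one minted by the default server with the two custom claims.
SAMPLE_NOW = 1_700_000_000
SAMPLE_CLAIMS = {
    "iss": ISSUER, "aud": CLIENT_ID, "sub": "00u-example-user",
    "iat": SAMPLE_NOW - 10, "exp": SAMPLE_NOW + 3600, "nonce": "n-sample",
    "first_name": "Ada", "last_name": "Lovelace",
}


def demo() -> dict:
    """Full round trip on constructed data: build the request, then validate the token claims."""
    uris = bucketlist_uris("your-subdomain", "US")
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    url = build_authorize_url(uris["login_redirect"], state, nonce)
    claims = dict(SAMPLE_CLAIMS, nonce=nonce)
    return {"authorize_url": url, "profile": validate_id_token_claims(claims, nonce, now=SAMPLE_NOW)}


if __name__ == "__main__":
    print(demo())
```

The exact-match check is the part most often got wrong in practice: a callback URI missing the trailing slash, using http instead of https, or on a look-alike host is rejected by Okta and should be rejected by the application too. The claim checks assume the token's signature has already been verified with a JWT library against the server's JWKS endpoint; skipping that makes every other check meaningless.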