How to set up SSO with OKTA

When connecting OKTA for the first time with Bucketlist, you will need to provide some information on the Bucketlist integration section and create an application in OKTA.

Creating and configuring the application in OKTA:

1. Create a new application by opening the 'Applications' menu and clicking 'Add Application'

2. Choose 'Web', then click 'Next'


3. In the Application Settings screen, enter the following information

  • Name: Bucketlist
  • Base URIs: https://your-subdomain.bucketlist.org/
  • Login redirect URIs: https://your-subdomain.bucketlist.org/oidc/callback/
  • Click 'Done'


4. In the 'General' section of the newly created app, add these settings (by clicking on 'Edit')

5. Go to the 'API > Authorization Server' screen

  • Click on 'Add Authorization Server'
  • Click on the 'default' authorization server
  • Click on the 'Claims' menu and then the 'Add Claim' button


6. Add 2 claims

  • Name: first_name
  • Include in token type: ID Token / Userinfo / id_token_request
  • Value type: Expression
  • Mapping: (appuser != null) ? appuser.user.firstName : app.user.firstName
  • Include in: Any scope

7. And the 2nd claim:

  • Name: last_name
  • Include in token type: ID Token / Userinfo / id_token_request
  • Value type: Expression
  • Mapping: (appuser != null) ? appuser.user.lastName : app.user.lastName
  • Include in: Any scope

The claims are used to set the user's first and last name after the first login, depending on your configuration. If you already have a source where your user list is coming from, you might not need these.
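To show what the application side does with these two claims, here is an added Python example that is not part of the original guide or of Bucketlist's code: it validates an OIDC ID token (signature, issuer, audience, expiry, nonce) before reading `first_name` and `last_name`, and tolerates their absence for deployments that take names from another source. The issuer URL, client ID and secret are constructed placeholders; Okta signs ID tokens with RS256 and the keys would be fetched from the authorization server's JWKS endpoint, whereas this sample uses HS256 with a shared secret only so that it runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this offline example. A real deployment uses the Okta
# org's issuer URL, the client ID from the application's 'General' tab, and
# RS256 public keys from the authorization server's JWKS endpoint.
ISSUER = "https://example.okta.com/oauth2/default"   # assumed placeholder
CLIENT_ID = "0oa-example-client-id"                  # assumed placeholder
SHARED_SECRET = b"constructed-demo-secret"           # constructed; HS256 demo only


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def make_demo_id_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Build a constructed HS256 ID token so the verifier below has input to check."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_id_token(token: str, expected_nonce: str, now=None,
                    secret: bytes = SHARED_SECRET) -> dict:
    """Check signature, issuer, audience, expiry and nonce before trusting any claim."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token's header choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected_sig = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if aud != CLIENT_ID and not (isinstance(aud, list) and CLIENT_ID in aud):
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def profile_from_claims(claims: dict) -> dict:
    """Read the guide's two custom claims; both are optional when names come from elsewhere."""
    return {
        "subject": claims["sub"],
        "first_name": claims.get("first_name"),
        "last_name": claims.get("last_name"),
    }


if __name__ == "__main__":
    now = int(time.time())
    token = make_demo_id_token({
        "iss": ISSUER, "aud": CLIENT_ID, "sub": "00u-constructed", "iat": now,
        "exp": now + 600, "nonce": "n1", "first_name": "Ada", "last_name": "Lovelace",
    })
    print(profile_from_claims(verify_id_token(token, "n1")))
```

The order of checks matters: the signature is verified before any claim is read, the algorithm is pinned rather than taken from the header, and `hmac.compare_digest` avoids a timing side channel on the signature comparison.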