Okta Self-Service Setup Option (Okta Express Configuration)

For organizations that prefer a streamlined, guided setup experience, Okta offers an Express Configuration method. This reduces manual steps by using a pre-built template and auto-populating many of the fields covered above.

Reference Resources:

·       Okta Express Config Guide

Overview

The Express Configuration method uses Okta's Integration Network (OIN) or a template-based approach to simplify the OIDC setup. Rather than manually entering required metadata fields, the integration is partially pre-configured, and you complete a shorter guided flow.

Prerequisites

Contact Conduit Security Support (support@conduitsecurity.com) to provision your account in the Conduit platform.

Supported Features (OIDC)

• SP-initiated SSO (Single Sign-On) This authentication flow occurs when the user attempts to log in to the application from the Conduit Security app.

• Universal Logout When enabled, Okta can terminate user sessions and tokens when risk is detected or when an admin initiates logout.

• Just-In-Time provisioning Users are automatically created on their first login. Email and name attributes are provisioned.

For more information on the listed features, visit the Okta Glossary.
‍

Configuration Steps

Step 1: Add the Conduit Security Application

• Sign in to the Okta Admin Console.
• Navigate to Applications → Browse App Catalog.
• Search for Conduit Security and select it.
• Click Add Integration.

Adding the application from the Okta Integration Network automatically creates the required OIDC application configuration.

Step 2: Express Configuration

• Navigate to Sign On in the Conduit Security app and select Express Configure SSO & UL. This redirects them to an Auth0  Universal Login screen.
• The Okta administrator enters the organization name and the credentials of the user who is permitted to perform Express Configuration. 
• After authenticating, Auth0 prompts the Okta administrator for consent.
• After approval, Okta uses the Express Configuration API to automatically configure an Okta connection within the Auth0 organization to which the Okta administrator belongs and the setup is complete.

Step 3: Configure Universal Logout

To enable Universal logout, please follow the below steps:

• Ensure the Workforce Identity SKU/License for Identity threat protection is enabled for the Okta tenant.
• In the Okta Admin Console, navigate to the Conduit Security App that supports Universal Logout.
• On the app's page, select the Authentication tab.
• In the Logout section, click Edit.
• Select Okta system or admin initiates logout.

Step 4: Notify Conduit Support Team

Send an email to support@conduitsecurity.com to confirm that you have completed the Express Configuration setup. 

Our team will then:

• Enable Home Realm Discovery for your domain.
• Enable application access so your users can log in.

Wait for confirmation from our team before proceeding to the next step.

Step 5: Assign Users and Test

Once our team has confirmed that setup is complete:

• Assign the admin account to the Conduit Security App in Okta.
• Assign any other users or groups that should have access to the app.
• Refer to the SP Initiated section below for testing the login flow.

SP Initiated SSO

The sign-in process is initiated from https://app.conduitsecurity.com

• From your browser, navigate to https://app.conduitsecurity.com.
• Enter your work email address.
• You will be re-directed to your Okta portal to complete login.
• After successful authentication, the user is navigated back to https://app.conduitsecurity.com.

If your credentials are valid, you are redirected to the Conduit Security dashboard.

Universal Logout

When Universal Logout is enabled, Okta can terminate user sessions across all applications when:

• An administrator initiates a logout from the Okta Admin Console
• The Okta system detects risk and terminates sessions for security

This ensures that when a user is logged out of Okta, they are also logged out of the Conduit Security app.

When to Use Express vs. Standard Setup

‍

Troubleshooting

If you encounter any issues during the express configuration setup or login flow, reach out to support@conduitsecurity.com for assistance.

‍