Organizational owners and admins can configure OIDC settings for an organization on the PDQ portal.
If you wish to use OIDC login with Okta, follow the steps below.
This procedure will require switching back and forth several times between the Okta management portal (specific URL for your organization) and the PDQ.com portal account settings (https://portal.pdq.com/account), so it would be easiest if you opened each page in a separate window or tab and kept them open throughout the entire procedure.
The URL for your Okta management portal will have the following format:
https://[your-tenant]-admin.okta.com
e.g. https://myorganization-admin.okta.com
Create a custom app integration in Okta
- Navigate to your Okta management portal via the URL above.
- In the left pane, under Applications, click Applications.
- Click the button to Create App Integration.
- In the Create a new app integration window, select the radio button for OIDC - OpenID Connect.
- Under Application Type, select the radio button for Web Application, and then click Next.
- In the New Web App Integration page, provide a name for your app (e.g. your organization's name).
This app name may be visible to your users during login, so be sure to pick something that will make sense to them. - Scroll down to the Assignments section, and select an appropriate assignment option, whether that is everyone in your org or a subset of users/groups.
The app must be assigned to your users, or they will not be able to use it to log in. If you need to update these settings after app creation, you can do so on the app page, under the Assignment tab. - Click Save. You will be redirected to the page for your newly created app.
Copy the OIDC settings from Okta into PDQ Portal
- On your app page, click the button next to Client ID to copy this value to the clipboard.
- Return to the PDQ Portal account settings (https://portal.pdq.com/account), scroll down to the OIDC settings, and paste the guid into the Client ID field.
- Back on your app page in Okta, in the Client Secrets section, click the button to copy the client secret (created by default) to the clipboard.
- Back in the PDQ account | OIDC settings, and paste the Value into the Client Secret field.
-
For the Discovery Document URI, enter the URL, which will have the following format:
https://[your-tenant].okta.com/.well-known/openid-configuration
e.g. https://myorganization.okta.com/.well-known/openid-configuration
- Scroll to the top of the PDQ Account settings page and click the button to Save changes.
Add the redirect URI for the PDQ Portal to Okta
- On the PDQ Portal account settings (https://portal.pdq.com/account), scroll down to the OIDC settings, and copy the Redirect URI to the clipboard.
- Return to the Okta app page for the app created above. In the General Settings section, click Edit.
- Scroll down to the Login section.
- Under sign-in redirect URI, paste the URI from PDQ into this field, replacing the default value.
- Under sign-out redirect URI, if a default value (such as localhost) appears there, click the X button to delete the value. The sign-out redirect URI is not required and should be empty.
- Scroll down and click the button to Save.
After you have completed the steps above, return to the main set of instructions for enabling OIDC, and resume from the section Enable OIDC for your account.