Okta Authentication Setup

This document describes how to configure an Okta account to enable OIDC authentication with Tabular.

On this page:

Configure OIDC Application

To enable Tabular-Okta authentication, you must configure an Okta OIDC application. Use the next section to configure a new application. If you have an existing OIDC application, skip the next section and continue with the following section.

New OIDC Application

Use this section to configure a new Okta application.

Security -> API

First, go to Security -> API. In the Authorization Servers tab, select and open “default”.

Click on the Access Policies tab, select the Default Policy, then edit the Default Policy Rule.

In the edit page, check that “Authorization Code” is enabled/checked.

Applications -> Applications

Go into Applications -> Applications and select Create App Integration.

Choose OIDC - OpenID Connect then, Single-Page Application, and click Next.

Enter a name for the integration, for example “Tabular OIDC”.

In the Grant Type section, ensure that Authorization Code is selected

In the Sign-in redirect URIs section, add the URI

In the Trusted Origins section, add the Base URI

In the Assignments section, configure the application access appropriately. We have tested with

  • Allow everyone in your organization access
  • Enable immediate access with Federation Broker Mode

Save the Application.

Optionally, if you wish your users to be able to login to Tabular from the Okta Portal, go back and edit the application. In the General Tab, edit the General Settings. Find the LOGIN section of the form. Set the following

  • Login initiated by to Either Okta or App
  • Application visibility to Display application icon to users
  • Login flow to Redirect to app to initiate login (OIDC Compliant)
  • Initiate Login URI to https://app.tabular.io/login/idp

Existing Application

If you already have an OIDC application configured in your Okta account, you will need to do the following.

Security -> API

Go to the Security -> API section of the Okta Admin console. And then to the Trusted Origins tab.

Add a new origin with the Add Origin button. Choose an Origin name like “Tabular OIDC” and enter the Origin URL

Choose Origin Type “Cross-Origin Resource Sharing (CORS)” and then Save.

Applications -> Applications

Now, go to Applications -> Applications, and select your application from the ACTIVE section.

In the General Tab, edit the General Settings. Find the LOGIN section of the form.

Add the following Sign-in redirect URI

Optionally, if you wish your users to be able to login to Tabular from the Okta Portal, then in the LOGIN section of the form. Set the following

  • Login initiated by to Either Okta or App
  • Application visibility to Display application icon to users
  • Login flow to Redirect to app to initiate login (OIDC Compliant)
  • Initiate Login URI to https://app.tabular.io/login/idp

And finally Save.

Contact Tabular

Currently, Tabular must complete the configuration. You will need to gather the following information and send it to us.

Issuer URI

You can find the Issuer URI in the Security -> API section. On the Authorization Servers tab, make note of the Issuer URI.

Client ID

Go to the Applications -> Applications section, and find the OIDC application in the ACTIVE area. On the General tab, make a note of the Client ID.

Send both the Issuer URI and the Client ID to Tabular for us to continue configuration.