Curiosity for Developers
  • Overview
  • Getting Started
    • Introduction
    • System Overview
      • Workspace
      • Connectors
      • Front End
    • Requirements
    • Installation
      • Deploying on Windows
        • Download Curiosity Workspace for Windows
      • Deploying on Docker
        • Deploying using Docker Desktop App
        • Docker Hub
      • Deploying on Kubernetes
      • Deploying on OpenShift
      • Configuration
    • Configure your Workspace
    • Connecting to a Workspace
      • Download App
    • Built-in Templates
  • Security
    • Introduction
    • Hosting
    • Encryption
    • Users and Access
      • User Invitations
      • Single Sign-On (SSO)
        • Google Sign-In
        • Microsoft / Azure AD
        • Okta
        • Auth0
    • Permissions Management
    • Auditing
    • Teams management
    • Configuring Backup
      • Restoring a backup
    • Activate a workspace license
  • Data Sources
    • Introduction
    • User Apps
    • Workspace Integrations
    • API Integrations
      • Introduction
      • Data Modeling
      • Writing a Connector
      • Access Control
      • API Tokens
      • API Overview
      • Tips
    • Supported File Types
    • Curiosity CLI
      • Installation
      • Authentication
      • Commands
  • Search
    • Introduction
    • Languages
    • Synonyms
    • Ranking
    • Filters
    • Search Permissions and Access Control
  • Endpoints
    • Introduction
    • Creating an endpoint
    • Calling an endpoint
    • Endpoint Tokens
    • Endpoints API
  • Interfaces
    • Introduction
    • Local Development
    • Deploying a new interface
    • Routing
    • Node Renderers
    • Sidebar
    • Views
  • Artificial Intelligence
    • Introduction
    • Embeddings Search
    • AI Assistant
      • Enabling AI Assistant
    • Large Language Models
      • LLMs Models Configuration
      • Self-Hosted Models
    • Image Search
    • Audio and Video Search
  • Sample Workspaces
    • Introduction
    • HackerNews
    • Aviation Incidents
    • Covid Papers
    • NASA Public Library
    • Suggest a Recipe
  • Basic Concepts
    • Graph database
    • Search Engine
  • Troubleshooting
    • FAQs
      • How long does it take to set up?
      • How does Curiosity keep my data safe?
      • Can we get Curiosity on-premises?
      • Can I connect custom data?
      • How does Workspace pricing work?
      • Which LLM does Curiosity use?
      • What's special about Curiosity?
      • How are access permissions handled?
      • What enterprise tools can I connect?
      • How to access a workspace?
      • How do I hard refresh my browser?
      • How do I report bugs?
      • How do I solve connectivity issues?
      • How do I contact support?
  • Policies
    • Terms of Service
    • Privacy Policy
Powered by GitBook
On this page
  • Configuring Okta Single Sign-On
  • Creating an Okta application
  • Entering the details into Curiosity
  • Removing the "Log in with Okta" option
  • Troubleshooting
  1. Security
  2. Users and Access
  3. Single Sign-On (SSO)

Okta

PreviousMicrosoft / Azure ADNextAuth0

Last updated 2 years ago

Configuring Okta Single Sign-On

Curiosity supports User Management via . Rather than maintaining names, email addresses, and passwords for Users that may log into the application, you can connect with accounts that already exist in your Okta application (meaning that Users are not burdened with yet another password to remember).

To do so, you require four pieces of information:

  • an Okta "Domain"

  • an "Authorization Server Name"

  • a "Client ID"

  • a "Client Secret"

It is presumed that you already have an Okta account that you will be configuring to enable Curiosity SSO and that you have administrative privileges to make the changes to the Okta account. It is also presumed that you have an administrator account for your Curiosity application.

(If you are in the technical evaluation phase with Curiosity or Okta, Okta has a free trial option available at that may be of interest if you do not already use Okta)

Creating an Okta application

Go to your Okta Developer Console, it will have a URL that looks something like on the following:

Ensure that you are logged in with an account that has access to make changes. If you are uncertain then try to follow the steps below and talk to your administrator if any of them result in any "unable to access" or "access denied" error.

Click on "Applications" in the top menu, then "Add Application"

Then select the "Web" option and click Next.

Enter a name such as "Curiosity SSO".

Click the "X" on the right-hand side of the pre-filled "Bare URIs" entry, as this option does not apply to this type of integration.

Do the same for "Logout redirect URIs" as this is also not required.

You need to tell the SSO process how to get back to Curiosity after a successful login, which is the purpose of the "Login redirect URIs" entry. The format of the URI is:

{domain}/api/oktasso/completed-login-attempt

If your Curiosity application is hosted by us then it will look something like this:

Change the pre-filled "Login redirect URIs" entry to the appropriate value.

Click "Done".

You now have an application configured and the summary page that you are on will show the "Client ID" and "client secret" values at the bottom.

(The Client ID will be a string around twenty characters long, consisting of lower case letters and numbers. The Client Secret will be a longer value, consisting of upper and lower case letters, numbers, and symbols.)

These are two of the four pieces of information required. To get the remaining two, click on "API" in the top menu and then "Authorization Servers".

Okta creates an "Authorization Server" called "default" automatically - this is the "Authorization Server Name" value that is required. This view also shows the Okta domain that is to be used, it is the "Issuer URI" value without the "/oauth2/default" path.

(You can create test users for this application by clicking on "Users" in the top menu and then "People" and then clicking "Add Person" to create a new account— for testing, it makes sense to select "Set by admin" for the password and to untick the "User must change password on first login box". You will then be able to use this newly-created to test logging into Curiosity.)

Entering the details into Curiosity

Click the menu button at the top left, then click "Settings", then "Accounts" and then "Single Sign-On".

(If you don't see a "Single Sign-On" option and the only item under "Accounts" is "Profile" then you are not logged into Curiosity with an administrator account)

Click "Okta" and then enter the Domain, Authorization Server Name, Client ID, and Client Secret.

Click "Save".

Okta SSO is now configured for this application.

To test it, log out (by clicking the user name at the top right and then clicking "Logout" in the panel that appears). The log in screen will now present a "Log in with Okta" option.

Click "Log in with Okta" and you will be redirected to an Okta page where you can enter credentials for an account related to the Okta application.

Click "Sign In" and you will be redirected back to the Curiosity application as a logged-in User relating to the email address that you specified.

If a User account does not exist in Curiosity for the email that you chose then one will automatically be created (so that it is possible for the Curiosity application administrators to set access rights and permissions). The email and name from the Okta account will be used to populate the account in the Curiosity application. If a User account already existed for the specified email then any permissions that have been set in will not be altered but the name will be updated if the name in the Okta account does not match the name in the Curiosity User account.

Removing the "Log in with Okta" option

If you wish to remove Okta SSO as an option for your Curiosity application then go back to Menu / Settings / Accounts / Single Sign-On / Okta, clear the "Domain" text, and click Save. This will remove all four pieces of SSO configuration from the Curiosity application and the "Log in with Okta" option will no longer be presented.

Troubleshooting

You must enter the Domain, Authorization Server Name, Client ID, and Client Secret values correctly. If any of them are wrong then you may experience one of the following:

  • If the Domain, Authorization Server Name, or Client ID are wrong then you will be shown an error from Okta as soon as you are redirected from Curiosity to Okta.

  • If the first three values are correct but the Client Secret is wrong then you will be able to select an account but you will receive an error when you are redirected back to Curiosity.

It is also of vital importance that the "Redirect URI" that you set in the Okta application earlier was correct. If it is not then you will receive an error when you are directed to the Okta login page:

https://curiosity.slite.com/api/files/JXh26QSyP0/image.png

If you have with the default settings then it will look like this:

**

https://curiosity.slite.com/api/files/8CA8qOBQO/image.png
https://curiosity.slite.com/api/files/adtnu8BrZ/image.png
https://curiosity.slite.com/api/files/2mHNLrIar/image.png
https://curiosity.slite.com/api/files/DbXe_nj9~/image.png
https://curiosity.slite.com/api/files/iUPAfLiCz/image.png
https://curiosity.slite.com/api/files/19gEueAuu/image.png
Okta Single Sign-In (SSO)
https://www.okta.com/free-trial/FRT
https://dev-123456-admin.okta.com
https://companyname-admin.okta.com
https://acmecompany.curiosity.ai/api/oktasso/completed-login-attempt
installed a local instance of the application
http://localhost:8080/api/oktasso/completed-login-attempt**