Verisk's Okta Authentication Registration

Sequel Security Services supports external authentication providers such as Okta. This registration process should be done for each client.

This document describes the preliminary steps Sequel must take to register a Sequel application in Verisk's Okta tenant.

Registering Sequel App at Verisk's Okta

Registration of an application in Verisk's Okta tenant using OpenID Connect must be requested at https://oneverisk.service-now.com/sp/. You can reach it from the Okta home page, https://verisk.okta.com/app/UserHome.

This document provides samples of the process. Keep in mind that the registration process may change, so always follow Verisk's instructions.

Required information

To register an application in Okta we need the following information:

Application description

The most important value here is the application name. This is a friendly name for the application. We suggest Sequel Authentication Service, but this can be changed, and it can also reference the production or UAT environment (for example, Sequel Authentication Service - Production, Sequel Authentication Service - UAT).

More information can be provided when registering the application, but it is complementary and not key to the integration, such as:

  • description
  • logo image
  • application owner's name: we recommend assigning as owner the technical lead responsible for the target environment we are protecting.
  • target users: the SuppApp team expects that in most cases this authentication will be used to protect development environments, so the target users will probably be Internal Employees.

Integration type

The integration type must be OIDC, which requires the following information:

  • application type: Web
  • grant types: we can select multiple options; for this purpose we need Implicit (Hybrid)

Important

Redirect URIs are case sensitive.

Login redirect URIs

After Okta authenticates a user's sign-in request, Okta redirects the user to one of these URIs. This is a public URI of Sequel's authentication service. Usually, it looks like this: Sequel-AuthN-Base-URI/signing-okta-oidc (e.g. https://sequel_domain/Authentication/signing-okta-oidc). For this implementation the URI will be:

https://TO_BE_CONFIRMED/signing-okta-oidc

Logout Redirect URIs

After your application contacts Okta to end the session, Okta redirects the user to one of these URIs. This is a public URI of Sequel's authentication service. Usually, it looks like this: Sequel-AuthN-Base-URI/signout-okta-oidc (e.g. https://sequel_domain/Authentication/signout-okta-oidc). For this implementation the URI will be:

https://TO_BE_CONFIRMED/signout-okta-oidc

Login initiated by

The login process can be started from the application itself, as we traditionally do, or from the Okta home page. This option either registers our app on the Okta home page so that login can start from both places (Either Okta or App), or only allows login to start from the application, which then redirects the flow to Okta (App only). Please select the option you prefer.

Initiate Login URI

Include a URI to have Okta initiate the sign-in flow. When Okta redirects to this endpoint, the client is triggered to send an authorize request. You will need it if you have selected login initiated by Either Okta or App. Our recommendation is to populate this value with your main URL for entering the application. This can be difficult to determine when multiple Sequel apps are deployed (Claims, UW, Broking, ...).

Initial Users to Provision

Provide a comma separated or line delimited list of users' iNumbers to receive access when the integration is established: i00001, i00002, i00003
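
The following added example (not part of Verisk's or Sequel's tooling) checks the redirect URI values gathered in this section before the request is submitted, comparing them by exact string match against the URIs the deployed service uses, since redirect URIs are case sensitive. The request dictionary keys and the sample base URI are hypothetical; the path suffixes and the "Either Okta or App" option name are taken from this page.

```python
from urllib.parse import urlsplit

# Callback path suffixes exactly as written on this page.
LOGIN_PATH = "/signing-okta-oidc"
LOGOUT_PATH = "/signout-okta-oidc"


def check_redirect_uri(registered, base_uri, path):
    """List problems with one URI typed into the request (base_uri is an assumed input)."""
    expected = base_uri.rstrip("/") + path
    problems = []
    if "TO_BE_CONFIRMED" in registered:
        problems.append("placeholder host not replaced")
    if urlsplit(registered).scheme != "https":
        problems.append("scheme is not https")
    if registered == expected:
        return problems
    # Redirect URIs are compared case-sensitively, so report that case by name.
    if registered.lower() == expected.lower():
        problems.append("differs from deployed URI only by letter case")
    elif registered.rstrip("/") == expected:
        problems.append("extra trailing slash")
    else:
        problems.append("does not match deployed URI " + expected)
    return problems


def check_request(request, base_uri):
    """Check the URI fields of a request dict; its keys are hypothetical names."""
    report = {}
    for key, path in (("login_redirect_uris", LOGIN_PATH),
                      ("logout_redirect_uris", LOGOUT_PATH)):
        for uri in request.get(key, []):
            found = check_redirect_uri(uri, base_uri, path)
            if found:
                report[uri] = found
    if (request.get("login_initiated_by") == "Either Okta or App"
            and not request.get("initiate_login_uri")):
        report["initiate_login_uri"] = ["required when Okta may start the login"]
    return report


if __name__ == "__main__":
    base = "https://sequel.example.test/Authentication"  # constructed sample
    draft = {"login_redirect_uris": [base.lower() + LOGIN_PATH],
             "logout_redirect_uris": ["https://TO_BE_CONFIRMED" + LOGOUT_PATH],
             "login_initiated_by": "Either Okta or App"}
    print(check_request(draft, base))
```
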

Register an application

As a summary of this process, we will have to perform the following steps:

  1. Start from Verisk's Okta portal: https://verisk.okta.com/app/UserHome.

  2. Go to ServiceNow (https://oneverisk.service-now.com/sp/).

  3. Open an Okta Integration Request. It can be found by navigating in the catalog to Home > All Catalogs > Service Catalog > Hosting & Infrastructure > Cloud Support, or by searching for Okta Integration Request. [Screenshot: Verisk-Okta-RegisterApp-Applications.png]

  4. Populate all the information requested as described in Required information. Submit the request, including the required approver(s), notes and watch list. The SuppApp Team is keen to be included as an approver, so we can review that the settings are right.

  5. Verisk will provide you with the domain where the application is configured, the client Id (aka application Id) and the client secret. If they do not provide one of those values, please request it.

Verisk's Okta configuration request

If you need changes to your Okta configuration, there is an Okta Operation Request option on ServiceNow for requesting them.

[Screenshot: Verisk-Okta-Requests.png]

Registering users for SSO

Once the Sequel App is registered in Okta, the next step is to create the users in Sequel Security Services, ensuring they are created with the same email that Okta provides in the claims. This email must be stored in the email or SsoUsername field of the user record.

TFS configuration

With the above information (clientId, client secret and domain), the deployment can be configured. See the screenshot of a configuration on TFS for automatic deployment:

[Screenshot: Verisk-Okta-TFS-config.png]