Configuring SSO via the Enhanced Web Interface: Okta

2024-05-31

Version 1.0

Single Sign On allows Users to easily log in to all their applications with the same credentials. Eagle Eye Networks supports the use of SSO applications for the creation of accounts and the management of access. This document will detail how to set this up for Google and Microsoft Users.

1. Log in to the Enhanced Web Interface.

• User must be an Administrator to set up this functionality.

2. Click Admin.

3. Select Account Settings.

4. Click Identity Provider.

From here you can set up any of the SSO integrations you need. This document will cover Okta.

Enable Okta as the IDP

Okta: Select this option if you want to configure Okta authentication.

Prerequisites

• Create an account in Okta if you do not already have one.

• Obtain your Eagle Eye account ID.

Obtaining a redirectUri from Okta

1. Open your Okta administrator dashboard and select Applications > Applications from the left navigation menu. Click Create App Integration.

2. On the Create a New App Integration screen, select OIDC for Sign-in Method and Web Application for Application Type. Click Next.

3. On the New Web App Integration screen, enter the name for your app integration name and the URL for Sign-in redirect URIs. 

To get the redirect URI, call: {baseURL}/api/v3.0/accounts/self/ssoAuthSettings?include=ssoOidcIdpConfigUrls 

Example baseURL: api.c013.eagleeyenetworks.com

This call returns the redirectUri for your account.

4. The Application Integration Information appears on the next screen. The Client ID and Client Secret Information needed for configuring the VMS Cloud are found here.

5. On the Assignments tab, choose the people who can use this login option for the Cloud VMS.

6. In order to use IdP-initiated login, make the following configurations on the Application General tab.

7. In the Initiate Login URI box, enter: https://auth.eagleeyenetworks.com/sso?issuer={registrationId}&target_link_uri={webapp_url}

The registrationId is the last part of the redirectUri retrieved from Get {baseURL}/api/v3.0/accounts/self/ssoAuthSettings?include=ssoOidcIdpConfigUrls

For example, if you get

As a response, your registrationId is 00000011. The redirectionId is actually your Eagle Eye account ID. 

Your login URI will be:  https://auth.eagleeyenetworks.com/sso?issuer=00000011&target_link_uri=webapp_eagleeyenetworks.com

Configuring SP initiated SSO settings for Okta 

The Okta settings are shown below:

Update the Client ID and Client Secret with the values from the Okta application created in the prerequisites section. For the Issuer URL, you can use the actual Okta domain https://<your-okta-domain> , (Do not include “/” at the end.) 

SP initiated SSO flow

Log in to the application, 

1. Provide a non-administrator user account at the identifier first page. 

2. Login with Okta and provide consent. 

IdP initiated SSO flow

1. Go to https://<your-okta-domain>/app/UserHome.

2. Log in with a user who exists in your Eagle Eye Networks account with the same email.

3. Click on the Application you created to be redirected to the application.

Configuring automated user provisioning for Okta

1. Check the Add New Users if they Do Not Already Exist box in the Identity Provider Integration via Single Sign-on screen in the Cloud VMS interface.

2. Log into the application. Go to https://<your-okta-domain>/app/UserHome.

3. Log in with a user who does not exist in your een account with the same email.

4. Click the Application you created and you will be redirected to the application and auto-provisioned.

For support please email: support@een.com 

or give us a call at: 512-473-0501

Eagle Eye Knowledge Base

US: +1-512-473-0501 

EU: 31 (0) 20 26 10 461

ASIA PACIFIC: +81-(3)-6869-5477

#1 In Cloud Media Video Surveillance Worldwide

Copyright Eagle Eye Networks. All rights reserved.