Set Up Okta Authentication for Zone Employee Portal

1. Create an Okta Account

(Skip this if you already have your Okta Org URL, Client ID and Client Secret.)

1. Go to Okta Free Trial.

2. Fill in your email, name and organization domain.

3. Follow the email confirmation steps and set your password.

4. Log into your Okta domain (e.g., https://your-org.okta.com).

2. Create and Configure an Okta Application

Create an Application

1. In the Okta Admin Portal, go to Applications.

2. Click Add Application → Create New App.

3. Choose:

   • Platform: Web

   • Sign-on method: OpenID Connect

4. Click Create.

Configure Application Settings

1. Choose a name for your application.

2. Set the Login Redirect URI:

   • For global accounts:

      

     https://api.mypay.management/v1/ext-auth-callback

   • For EU-based accounts:

      

     https://api-eu.mypay.management/v1/ext-auth-callback

3. Click Save.

3. Assign Users to the Okta Application

Users must be assigned to the Okta application to log in to Zone Employee Portal.

1. In the Okta Admin Portal, go to Directory → People.

2. In the Application tab, click Assign Application.

3. Assign users to the created application.

4. Configure Okta Authentication in Zone Employee Portal

Required Information

You will need:

• Okta Org URL (e.g., https://your-org.okta.com)

• Client ID (from your Okta application)

• Client Secret (from your Okta application)

Steps to Configure

1. Log in to Zone Employee Portal as an admin.

2. Navigate to Setup → External Authentication Provider.

3. Click Create.

4. Fill in the details:

   • Name: Choose a name for the provider

   • Type: OKTA

   • Login Redirect URL:

      

     https://<your-domain>.okta.com/oauth2/v1/authorize

   • Client ID: (Paste from Okta Application)

   • Client Secret: (Paste from Okta Application)

5. Click Save.

After saving, you will see a "Login URL" generated.

Important:

• Users must use this URL to log in via Okta.

• The standard username/password login will not work for Okta-authenticated users.

5. How Users Can Log in Using Okta

Login Requirement

• The user must have an Employee record in Zone Employee Portal.

• If the Employee record does not exist, login will fail.

How to Log In

1. Users should navigate to the Login URL provided in:
   Setup → External Authentication Provider → Select authentication provider → Login URL

2. Admin must share this URL with all Okta-authenticated users.

6. Access Zone Employee Portal from Okta Dashboard

Add a Zone Employee Portal "Chiclet" in Okta

1. Go to Okta Admin Portal → Applications.

2. Select the Zone Employee Portal application.

3. In the General Settings, locate the "Initiate Login URI" field.

4. Set the "Login URL" from Zone Employee Portal’s External Authentication Provider settings.

Now, users can log in to Zone Employee Portal directly from Okta's dashboard using the chiclet.