Using SSO (OKTA) to Purecloud breaks SSO into eMite

eMite uses a Code Authorisation grant to support ‘Single Sign On’ to the eMite app. https://developer.mypurecloud.com/api/rest/authorization/use-authorization-code.html

The customer (Venerable Annuity) utilises OKTA for Single Sign On into PureCloud, but it seems to break the eMite ‘Single Sign On’. The customer doesn't have the 'SSO only' settings enabled. They also said that when they log in to Purecloud directly, they can access eMite with no issues.

Will appreciate any help on this.

Can you be more specific about what is broken?

Hi Tim,
When the customer uses OKTA for logging into Purecloud, when they try to access eMite, they are prompted to input their credentials again. The expectation is that once a user is authenticated with PureCloud (via whichever method), authentication should then be passed through to eMite via the code authorization grant.

Hello Hannah,

I will let @tim.smith comment as I don't have much experience with SSO via Okta.

But I think the question was to understand at which step of the Authorization Code grant flow the error occurs (which breaks the Single-Sign On).
If it is at the "login.mypurecloud.xxx/oauth/authorize" stage or when requesting the token from the code (at server side) with the login.mypurecloud.xxx/oauth/token.

And if the problem happens both in PureCloud Web Client and PureCloud Desktop client (Mac or Windows).

As a note, I have tried to create an Okta lab (via a free trial) and I have defined an Application there.
I have run a server app (using Authorization Code) using the code from the tutorial.
And I have defined a Custom Client App, exposed in "standalone" mode (Apps menu).
I could log in to PureCloud Web Client using PureCloud credentials or selecting Okta, and I could display the Auth Code app properly (with no need to reenter credentials).

I can't say if the problem could come from your server-side code (if it does something specific), if it could come from specific settings in their Okta application (what SAML settings they have defined for this application), or some other configuration in PureCloud organization that can affect SSO with Okta and using your app.
We can't investigate and don't have access to customer data/organization.

On my PureCloud sandbox, I unfortunately can't add the eMite app to try with my PureCloud & Okta environment. To see if the same problem happens (which would point to server-side issue in your app) or not (then maybe Okta application details or profile of users in Okta).

But if you have a sandbox where you would like to try the SSO access, or if there is a way for me to add the eMite integration without deploying it as a Premium App then let me know (I am based in Europe/Paris).

It could also be useful to ask the customer what configuration/information they have defined in the SAML settings of the Application (on Okta side) as there are a few things which can be set there. Also if they have Sign-On rules in place (Okta side).

The idea here is just to let you find a way to reproduce the error if you can't troubleshoot in the customer purecloud environment directly.

Regards,

Hi Jerome,
Appreciate the detailed response. Is it okay to ask for your email address so we could communicate privately? This is so we could provide you a temporary eMite instance to test. We'll get the customer's SAML config settings as well. Let me know if this is possible.

I have just sent you my email via a direct/private message.
I can't guarantee I will be able to identify and to solve your problem. But happy to help, trying at least SSO with Okta on your org.

Regards,

There's another post about this here: https://developer.mypurecloud.com/forum/t/sso-prompting-login-in-web-page-in-script-that-is-using-oauth/8049/2
