Thinkific Okta SSO Integration


miniOrange provides a ready-to-use solution for Thinkific. This solution ensures that you are ready to roll out secure access to Thinkific using Okta within minutes. Okta, as an IDP (Identity Provider), helps you log in to Thinkific.

Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito, etc.), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, MariaDB, PostgreSQL) and many more.



Prerequisites

  • Log in to the miniOrange Admin Console.
  • Click on Customization in the left menu of the dashboard.
  • In Basic Settings, set your company domain in the Organization Name text field.
  • Click Save. Once that is set, the branded login URL will be of the format https://<company_domain>.xecurify.com/moas/login

    Obtain the following information from Thinkific.

  • Log in to your Thinkific account and go to Settings. Click on Code & analytics.
  • Navigate to API.
  • You can find the API Key (Shared Secret) and Subdomain here.
  • Also obtain the Subdomain from here.
  • JWT Endpoint URL, for example: https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt=

Follow the step-by-step guide given below for Thinkific Single Sign-On (SSO) with Okta.

1. Configure Okta as IDP


Configuring miniOrange as Service Provider (SP) in Okta
  • Log in to Okta.
  • In the Okta Developer site, navigate to Applications > Applications.
  • Click on Create App Integration. A popup with sign-on methods is shown. Select SAML 2.0 and click on Next.
  • Enter an appropriate App name, then click Next.
  • For the above SAML configuration, you need to get the Entity ID and ACS URL from miniOrange.
  • Go to the miniOrange Dashboard. In the left navigation menu, click on Add External IdP.
  • Now click on the Click here link to get the miniOrange metadata, as shown in the screen below.
  • In the SP-INITIATED SSO section, select Show Metadata Details.
  • Enter the values in Okta based on the table below. All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard. Refer to the previous step on how to get to that page.
    Single sign on URL: ACS URL copied from the miniOrange metadata section mentioned in the previous step.
    Audience URI (SP Entity ID): Entity ID or Issuer copied from the miniOrange metadata section mentioned in the previous step.

    For SLO configuration (optional)
    • For SLO configuration in Okta, go to the Configure SAML page and click Show Advanced Settings.
    • Enter the values in Okta based on the table below. All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard. Refer to the previous step on how to get to that page.
      Encryption Certificate: This is optional
      Enable Single Logout: Enable the check box to Allow application to initiate Single Logout
      Single Logout URL: Single Logout URL as mentioned in the Metadata Section
      SP Issuer: Entity ID or Issuer as mentioned in the Metadata Section
      Signature Certificate: X.509 Certificate can be downloaded from the Metadata Section

    • Click Next.

  • Add Attribute Statement & Group Attribute Statement if required & click on Next.
  • Select the Okta Configuration type and click on Finish.
  • Navigate to the Assignment tab in Okta. Click on Assign and select Assign to People. Select the user from the popup and click on Done. You can also assign groups if required.

Configure Okta as Identity Provider (IDP) in miniOrange
  • Go to the miniOrange Admin Console.
  • From the left navigation bar select Identity Provider. Select SAML.
  • Now navigate to the Sign On tab in Okta and select View Setup Instructions. This opens a new tab containing the Single Sign-On URL, Single Logout URL, Identity Provider Issuer and X.509 Certificate. Copy these values; they are required for adding the Identity Source in miniOrange.


  • Enter an appropriate IdP Name. Also add the following details:
    IdP Entity ID: Identity Provider Issuer from Okta
    SAML SSO Login URL: Identity Provider Single Sign-On URL from Okta
    X.509 Certificate: X.509 Certificate from Okta
    Single Logout URL [Optional]: Single Logout URL from Okta
  • A few other optional features that can be added to the Identity Provider (IDP) are listed in the table below:
    Domain Mapping: Can be used to redirect specific domain user to specific IDP
    Show IdP to Users: Enable this if you want to show this IDP to all users during Login
    Send Configured Attributes: Enabling this would allow you to add attributes to be sent from IDP
  • Click on Save.
Test IDP Connection
  • Go to the Identity Providers tab.
  • Click on the Select >> Test Connection option against the Identity Provider you configured.
  • On entering valid Okta credentials, you will see a pop-up window as shown in the screen below.
  • Your configuration of Okta as IDP in miniOrange is now successfully completed.

2. Setup Thinkific as SP

  • Log in to the miniOrange Admin Console.
  • Go to Apps and click on the Add Application button.
  • Select JWT App. Click on Thinkific.
  • In the Add Apps tab, enter the values below and click on Save.
    Custom Application Name: Choose an appropriate name according to your choice.
    Description: Add an appropriate description according to your choice.
    Redirect-URL: https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt=
  • To configure the App Secret, go to Edit against your configured app: Apps >> Select your app >> Edit.
    App Secret: The API key fetched from the Thinkific dashboard
    Signature Algorithm: Choose HS256
  • Click on Save.
  • You can now access your Thinkific account using IDP credentials through the Single Sign-On URL, as shown in the image above.

3. Test SSO Configuration


  • Log in to your Thinkific account.
  • On the Dashboard, click on the Design your site -> Theme library option.
  • Click on the three dots as shown in the image below and select the EDIT CODE option from the dropdown.
  • Now click on the Snippets link, search for the meta_tag option and click on it.
  • Add the Single Sign-On URL in the format shown in the image (you will get this URL from step 1) and click on the Save button.
  • Go to your Thinkific URL and click on the SIGN IN button, which will redirect you to the miniOrange IdP Sign On page.
  • On accessing the Single Sign-On URL as mentioned in the second step, you will be asked to enter your Okta credentials.
  • On entering the valid credentials, you will be successfully logged into Thinkific.
  • Log into Okta using your credentials.
  • Click on Admin to access the Admin Console, then click on Applications.
  • Click on Add Application, search for "Bookmark App" and click Add in the left pane.
  • Choose an app name of your choice which will be the display name.
  • In the URL section, enter the SSO URL that is given in the JWT app.
  • Click on Save.
  • On the End-User Dashboard, click on the configured Thinkific bookmark application to test the SSO flow.
  • You will be successfully logged into Thinkific.