Knowledge Base Administration Guide

Okta OIDC Application Integration

This guide walks through configuring an Okta Application to integrate with Simscope:

  • Okta Client ID
  • Okta Client Secret

BASE_URL (Base URL)

Note: all URL's specified on this page need to be prefixed with a BASE_URL:

  • When configuring the oidcapp use:
    • http://localhost:8081
  • When configuration Simscope, use your Simscope base web address. Examples:
    • https://simscope.company.com (https)
    • http://simscope:8080 (http with DNS hostname)
    • http://1.2.3.4:8080 (http with fixed IP address)

Create Okta OIDC App

  1. Go to your Okta Administration dashboard.
  • Example Okta URL: https://COMPANY.okta.com or https://dev-12345-admin.okta.com

  1. In the top-left corner, click ApplicationsApplications.

  2. Click Create App Integration.

  3. In the Create a new app integration page:

  • Sign-in methodOIDC
  • Application TypeWeb Application

Okta 1

  1. Click Next.

  2. In the New Web App Integration page, set the following fields:

Field NameField Value
App integration nameSimscope
Refresh Token
Sign-in redirect URIBASE_URL/oidc-callback
Sign-out redirect URIBASE_URL/logout
Login initiated byEither Okta or App
Login flowRedirect to app to initiate login (OIDC Compliant)
Initiate login URIBASE_URL/login?submit=oidc

Note: replace BASE_URL with the Base URL value at the top of this page (depending on which app you are configuring).

Okta 2

  1. Click Save.

  2. Copy the Client ID and Client Secret fields.

Okta 3

  1. Click the Assign button and either click Assign to Groups or Assign to People, (depending on whether you want to enable per-user or per-group access to Simscope).

Okta 4

  • Then click a user or group and click the Assign link on the right side.

  • After you are finished with user assignments, click Done.

  1. In the General tab, copy the Client ID and Client Secret fields to your config file.

  2. On the left pane, click Security and then API.

  3. On the right pane, click Tokens and then Create Token.

Okta API token

  1. Type any name for the token, and then Create Token.

Okta API copy

  1. Save this API token to your config file.

Okta app configuration is complete!

→ Back to Simscope OIDC.

Okta Iframe Embedding (within external Dashboards)

If you are embedding Simscope as an iframe within an external Dashboard app (like Google Sites) and see this error in your browser console when logging in:

Refused to frame 'https://xyz.okta.com/' because an ancestor violates the following
Content Security Policy directive: "frame-ancestors 'self'"

This indicates the authentication was rejected due to browser cookie security.

For Okta authentication, there are a few requirements to resolve this:

  1. Your Simscope Base URL must be a Secure https:// URL. It cannot be an http:// URL.

  2. In Okta, you must enable the option IFrame Embedding.

From the Okta Administration Dashboard:

  • Click CustomizationsOther.
  • Within the IFrame Embedding box, click Edit.
  • Check the Allow IFrame embedding checkbox and click Save.