Identity management via Okta

Pre-requisites

To set up an identity management application to manage authentication for NewStore apps, ensure that you have access to:

• Omnichannel Manager

• Okta admin console

Important

To enable users from your corporate directory to be able to use the NewStore applications, you have to create users, assign them to a store, and assign relevant roles in NewStore.

Setting up Okta with NewStore

This process involves working with Okta and Omnichannel Manager in tandem. Ensure you have access to both before you proceed.

1. Log into your Okta admin console and go to Applications > Applications.

2. Click Create App Integration.

3. In the Sign-in method area, select OIDC - OpenID Connect, and in the Application type area, select Web Application.

4. Click Next.

5. In the New Web App Integration screen that appears:

   1. In App integration name, enter either NewStore Staging or NewStore Production, based on the NewStore environment for which you are setting up the integration.

   2. In Sign-in redirect URIs, keep the default entry for now

   3. In Controlled access, select Skip group assignment.

      Note

      If you know which of your Okta groups should gain access to NewStore, configure them via Limit access to selected groups.

   4. Click Save.

6. In the NewStore <Environment> screen that appears, save the following values in a safe place. You'll need them in the next step.

   • Client ID

   • Client secret

   • Okta domain > you can copy the domain from the address bar in your browser, such as <your_sub_domain>.okta.com

7. Open the Omnichannel Manager in a separate tab.

8. Click Settings > Users & Roles > Single Sign-On.

9. Click Configure Single Sign-On.

10. Select Vendor OKTA.

11. Fill in the saved data from step 6.

    • Secret

    • Client ID

    • Okta domain

12. Click Connect.

13. Switch back to Okta admin console tab.

14. Scroll down to the General Settings section and click Edit

15. Replace the default Sign-in redirect URI with the Redirect URI from the Omnichannel Manager tab.

16. Replace the default Sign-out redirect URI with the Logout URL from the Omnichannel Manager tab.

17. Click Save

18. Allow access to your NewStore Staging and NewStore Production environments by assigning Okta groups to the respective applications.

19. Create a test user and assign it to an Okta group that has access to both NewStore Staging and NewStore Production environments.

    You can remove this test user after verifying with NewStore that the Okta integration has been successfully completed.

Single Sign-on is now successfully configured with Okta.

Updating client secrets in Omnichannel Manager

1. Log into your Okta admin console and go to Applications > Applications.

2. Search for NewStore

3. Open the application you want to update

4. In the Client Secrets section > Click Generate new secret

5. Open Omnichannel Manager.

6. Click Settings > Users & Roles > Single Sign-On.

7. Click on the displayed name OKTA.

8. Paste the new secret value in Secret form.

   Important

   Ensure this secret exists and is valid in Okta. There is no way to revert after updating the secret.

9. Click Update.

10. Click Confirm.

You have successfully rotated your secret.

Related topics

• Configuring identity and access management

• Identity management at NewStore via Microsoft Entra Active Directory

• Identity management at NewStore via Google Workspace