The following support article documents how a customer has integrated the intranet as an authenticated app.
Okta is a federated identity service which acts as a central "point of truth" for the authentication of users to multiple applications. It supports multiple authentication options. Intranet Connections can be integrated with Okta as an authenticated app.
Intranet Connections is a web based application that can provide login authentication against an AD server for single sign-on, but currently does not support SAML based authentication. Okta supports this type of application through its SWA protocol. Full details are available from the Okta whitepaper: Directory Integration with Okta.
How It Works
Without Okta, Intranet Connections provides SSO with AD Directory through integration with Microsoft's SSO architecture. When a user visits the intranet in their browser, the user's current Active Directory username and password, is automatically passed to the intranet web application for authentication.
With Okta, the user's Active Directory username and password are passed to the intranet web application via the Okta browser plugin. Because the credentials are managed by Okta, Okta can add additional authentication controls in addition to username and password.
Enable delegated authentication in Okta. Active Directory authenticates users when they sign into Okta. The user's Okta credentials are then the same as their Active Directory credentials. To do this:
- Add the intranet as an application in Okta as a "Template Basic Auth App"
- For the app set the URL to http://<server_name>
- For the app set the Auth URL to http://<server name>/login/site_login.cfm?redirect=1&page=index.cfm
- For the app, enable Browser plugin to auto-submit
- User computers must have the plugin installed
When this is configured correctly, users authenticate to Okta, and then click the link to the application from Okta. When they click the link, the plugin then passes the Windows Authentication information to Intranet Connections login page.