The following support article documents how a particular customer has integrated the intranet as an authenticated app.
Okta is a federated identity service which acts as a central "point of truth" for the authentication of users to multiple applications. It supports multiple authentication options. Intranet Connections can be integrated with Okta as an authenticated app.
Intranet Connections is a web-based application that can provide login authentication against an AD server for single sign-on, but currently does not support SAML-based authentication. Okta supports this type of application through its SWA protocol. Full details are available from Okta: Directory Integration with Okta
How It Works
Without Okta, Intranet Connections provides SSO with Active Directory through integration with Microsoft's SSO architecture. When a user visits the intranet in their browser, the user's current Active Directory user name and password, entered when the user first logged into their computer, are automatically passed to the intranet web application for authentication.
With Okta, the user's Active Directory user name and password are passed to the intranet web application via the Okta browser plugin. Because the credentials are managed by Okta, Okta can layer further authentication controls on top of the user name and password.
For this to work you must:
- Enable delegated authentication in Okta. Active Directory authenticates users when they sign in to Okta. The user's Okta credentials are then the same as their Active Directory credentials.
- Add the intranet as an application in Okta as a "Template Basic Auth App".
- For the app, set the URL to http://<server_name>
- For the app, set the Auth URL to http://<server_name>/login/site_login.cfm?redirect=1&page=index.cfm
- For the app, enable Browser plugin auto-submit.
User computers must have the plugin installed.
When this is configured correctly, users authenticate to Okta, and then click the link to the application from Okta. When they click the link, the plugin passes the Windows Authentication information to the Intranet Connections login page.
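The following pre-flight check for the URL and Auth URL settings listed above is an added example, not code from Okta or Intranet Connections. The function name check_swa_app and the host intranet.example.com are hypothetical, and the example assumes the intranet can also be served over HTTPS, which the article does not state.

```python
from urllib.parse import urlsplit, parse_qs

# Path and query string come from the article's Auth URL setting.
LOGIN_PATH = "/login/site_login.cfm"
LOGIN_QUERY = {"redirect": ["1"], "page": ["index.cfm"]}


def check_swa_app(url, auth_url):
    """Return findings for the app's URL and Auth URL; an empty list means clean."""
    findings = []
    for name, raw in (("URL", url), ("Auth URL", auth_url)):
        if "<" in raw or ">" in raw:
            findings.append(f"{name}: placeholder not replaced with the server name")
    if findings:
        return findings  # nothing else is meaningful until real hosts are filled in

    app, auth = urlsplit(url), urlsplit(auth_url)
    for name, parts in (("URL", app), ("Auth URL", auth)):
        if parts.scheme not in ("http", "https") or not parts.hostname:
            findings.append(f"{name}: not an absolute http(s) URL")
        elif parts.scheme == "http":
            # The plugin submits Active Directory credentials to this origin.
            findings.append(f"{name}: plain http, credentials are sent unencrypted")

    # Credentials should only ever be submitted to the intranet host itself.
    if (app.scheme, app.hostname, app.port) != (auth.scheme, auth.hostname, auth.port):
        findings.append("Auth URL: origin differs from the app URL")
    if auth.path != LOGIN_PATH:
        findings.append(f"Auth URL: path is not {LOGIN_PATH}")
    if parse_qs(auth.query) != LOGIN_QUERY:
        findings.append("Auth URL: query is not redirect=1&page=index.cfm")
    return findings


if __name__ == "__main__":
    # Constructed sample values; intranet.example.com is a stand-in host.
    host = "intranet.example.com"
    for scheme in ("http", "https"):
        base = f"{scheme}://{host}"
        result = check_swa_app(base, f"{base}{LOGIN_PATH}?redirect=1&page=index.cfm")
        print(scheme, result or "ok")
```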