
Okta External Authentication Method

Introduction

Nametag can be used as an Okta IDP authenticator. This guide will walk you through the steps to set up Nametag as an MFA provider for your Okta tenant.

Prerequisites

Before you begin, you will need the following:

  • An active Okta tenant on the Identity Engine with Admin permission.
  • A Nametag account with an active subscription and Admin permission.

Create an Okta directory

If you don’t already have an Okta integration configured in Nametag, you’ll need to establish one.

  1. Sign in to the Nametag console.
  2. Go to Configure > Directories.
  3. Select Add a directory and choose Okta.
  4. Follow the instructions to set up your Okta directory in Nametag.

Configure authentication policy in Nametag

  1. Go to Configure > Directories and select the directory you want to configure.
  2. In the External authentication method rules section, choose a policy for account binding. For more information about configuring binding policies, see this document.
  3. Note the Client ID and Client Secret for the directory you just configured. You will need these values when creating the external factor IDP in Okta.

Create an external factor IDP in Okta

  1. Sign in to your Okta tenant.

  2. Go to Security > Identity Providers.

  3. Select Add identity provider.

  4. Choose OpenID Connect IDP as the Identity Provider and select Next.

  5. Provide the following information:

     • Name: Nametag
     • IDP Usage: Factor
     • Scopes: openid only
     • Client ID: CLIENT_ID (from the previous step)
     • Client Secret: CLIENT_SECRET (from the previous step)
     • Issuer: https://nametag.co/okta/eam
     • Authorization endpoint: https://nametag.co/okta/eam/authorize
     • Token endpoint: https://nametag.co/okta/eam/token
     • JWKS endpoint: https://nametag.co/okta/eam/jwks
     • Userinfo endpoint: https://nametag.co/okta/eam/userinfo

  6. Select Finish to create the IDP.

  7. Go to Security > Authenticators and select Add Authenticator. Then from the types of authenticators to add, select IDP Authenticator.

  8. In the Identity Provider drop-down in settings, choose the IDP you just configured. Give it an authenticator name and branding. Select Add.
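
A pre-flight check for the values entered in step 5, as an added example that is not part of Nametag's or Okta's own tooling. The dict key names and the sample credentials are assumptions made for illustration; the URLs, scope and usage values are the ones listed in step 5.

```python
from urllib.parse import urlsplit

# Values copied from step 5 of this guide.
EXPECTED_ISSUER = "https://nametag.co/okta/eam"
EXPECTED_ENDPOINTS = {
    "authorization_endpoint": EXPECTED_ISSUER + "/authorize",
    "token_endpoint": EXPECTED_ISSUER + "/token",
    "jwks_endpoint": EXPECTED_ISSUER + "/jwks",
    "userinfo_endpoint": EXPECTED_ISSUER + "/userinfo",
}
PLACEHOLDERS = {"CLIENT_ID", "CLIENT_SECRET"}

def check_idp_settings(cfg):
    """Return a list of problems in a dict of IDP settings (hypothetical key names)."""
    problems = []
    if cfg.get("idp_usage") != "Factor":
        problems.append("idp_usage must be 'Factor'")
    if cfg.get("scopes") != ["openid"]:
        problems.append("scopes must be exactly ['openid']")
    issuer = cfg.get("issuer", "")
    if issuer != EXPECTED_ISSUER:
        # OIDC compares the issuer as an exact string, so a trailing slash breaks it.
        problems.append(f"issuer {issuer!r} differs from {EXPECTED_ISSUER!r}")
    for key, expected in EXPECTED_ENDPOINTS.items():
        value = cfg.get(key, "")
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{key} is not https")
        elif url.hostname != "nametag.co":
            problems.append(f"{key} points at host {url.hostname!r}")
        elif value != expected:
            problems.append(f"{key} {value!r} differs from {expected!r}")
    for key in ("client_id", "client_secret"):
        value = cfg.get(key, "")
        if not value or value != value.strip() or value in PLACEHOLDERS:
            problems.append(f"{key} is empty, a placeholder, or has stray whitespace")
    return problems

# Constructed sample settings; the credentials are made-up strings.
GOOD = {"idp_usage": "Factor", "scopes": ["openid"], "issuer": EXPECTED_ISSUER,
        "client_id": "example-client-id", "client_secret": "example-client-secret",
        **EXPECTED_ENDPOINTS}
BAD = dict(GOOD, issuer=EXPECTED_ISSUER + "/", scopes=["openid", "profile"],
           token_endpoint="http://nametag.co/okta/eam/token",
           client_secret="CLIENT_SECRET")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_idp_settings(cfg) or "ok")
```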

Testing authentication

  1. In an incognito / private browsing window, go to your Okta tenant sign-in page.

  2. Enter your email address and password.

  3. You will be prompted to select an authentication method. If you already have an MFA method set up for the account you are logging into, you will be prompted to complete that verification. Afterward, in your Okta settings, you will be able to see the newly created Nametag factor, which you can set up as an MFA factor.

  4. The Nametag MFA prompt for Okta will appear when you choose to set it up.

  5. Scan the Nametag QR code and verify your identity.

  6. After the Nametag identity verification completes, your browser will automatically return to Okta. The authentication process is now complete.