
Okta ID External Authentication Method

Introduction

Nametag can be used as an Okta ID Multifactor Authentication Method. This guide will walk you through the steps to set up Nametag as an MFA provider for your Okta ID tenant.

Prerequisites

Before you begin, you will need the following:

  • An active Okta tenant on the Identity Engine with Admin permission.
  • A Nametag account with an active subscription and Admin permission.

Create an Okta ID directory

If you don’t already have an Okta ID integration configured in Nametag, you’ll need to establish one.

  1. Sign in to the Nametag Console.
  2. Navigate to Configure > Directories.
  3. Click Add a directory and choose Okta.
  4. Follow the instructions to set up your Okta directory within Nametag.

Configure Authentication Policy in Nametag

  1. Navigate to Configure > Directories and select the directory you want to configure.
  2. In the External authentication method rules section, choose a policy for account binding. For more information about configuring binding policies see this document.
  3. Note the Client ID and Client Secret for the directory you just configured. You will need these values when setting up the external authentication method in the Okta External IdP.

Create an External Factor IdP in Okta

  1. Sign in to your Okta tenant.

  2. Navigate to Security > Identity Providers.

  3. Click Add identity provider.

  4. Choose OpenID Connect IdP as the Identity Provider and click Next.

  5. Provide the following information:

    • Name: Nametag
    • Set IdP Usage to Factor
    • Ensure Scopes is openid only
    • Client ID: CLIENT_ID (from the previous step)
    • Client Secret: CLIENT_SECRET (from the previous step)
    • Issuer: https://nametag.co/okta/eam
    • Authorization endpoint: https://nametag.co/okta/eam/authorize
    • Token endpoint: https://nametag.co/okta/eam/token
    • JWKS endpoint: https://nametag.co/okta/eam/jwks
    • Userinfo endpoint: https://nametag.co/okta/eam/userinfo
  6. Click Finish to create the IdP.

  7. Navigate to Security > Authenticators and click on Add Authenticator. Then from the types of authenticators to add, select IdP Authenticator.

  8. In the Identity Provider drop-down in settings, choose the IdP you just configured. Give it an authenticator name and branding. Click Add.
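
One way to double-check the values entered in step 5 before testing, as an added example that is not part of Nametag's or Okta's own tooling: it flags extra scopes, non-HTTPS or look-alike endpoint hosts, and leftover placeholders. The dictionary keys are hypothetical names for the form fields, and the sample settings are constructed.

```python
from urllib.parse import urlsplit

# Endpoint values listed in step 5 of this guide.
EXPECTED = {
    "issuer": "https://nametag.co/okta/eam",
    "authorization_endpoint": "https://nametag.co/okta/eam/authorize",
    "token_endpoint": "https://nametag.co/okta/eam/token",
    "jwks_endpoint": "https://nametag.co/okta/eam/jwks",
    "userinfo_endpoint": "https://nametag.co/okta/eam/userinfo",
}
PLACEHOLDERS = {"", "CLIENT_ID", "CLIENT_SECRET"}

def check_idp_settings(settings):
    """Return a list of findings; an empty list means the values match the guide."""
    findings = []
    if settings.get("idp_usage") != "Factor":
        findings.append("idp_usage: must be Factor")
    if settings.get("scopes") != ["openid"]:
        findings.append("scopes: must be openid only")
    issuer_host = urlsplit(EXPECTED["issuer"]).hostname
    for key, expected in EXPECTED.items():
        raw = settings.get(key, "")
        url = urlsplit(raw)
        if url.scheme != "https":
            findings.append(f"{key}: not https")
        elif url.hostname != issuer_host:
            # Catches look-alike hosts such as nametag.co.example
            findings.append(f"{key}: host differs from issuer")
        elif raw != expected:
            findings.append(f"{key}: expected {expected}")
    for key in ("client_id", "client_secret"):
        if settings.get(key, "").strip() in PLACEHOLDERS:
            findings.append(f"{key}: empty or still a placeholder")
    return findings

# Constructed sample input: hypothetical field names, made-up credentials.
GOOD = dict(EXPECTED, idp_usage="Factor", scopes=["openid"],
            client_id="example-client-id", client_secret="example-secret")
BAD = dict(GOOD, scopes=["openid", "profile"],
           token_endpoint="http://nametag.co/okta/eam/token",
           jwks_endpoint="https://nametag.co.example/okta/eam/jwks",
           client_secret="CLIENT_SECRET")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_idp_settings(cfg) or "ok")
```
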

Testing Authentication

  1. In an incognito / private browsing window, navigate to your Okta Tenant sign in page.

  2. Enter your email address and password.

  3. You will be prompted to select an authentication method. If you already have an MFA method set up for the account you are logging into, you will be prompted to complete that verification. Afterward, in your Okta settings, you will be able to see the newly created Nametag factor, which you can set up as an MFA factor.

  4. The Nametag MFA prompt for Okta will appear when you choose to set it up.

  5. Scan the Nametag QR code and verify your identity.

  6. Once the Nametag identity verification completes, your browser will automatically return to the Okta login view and you will be signed in. The authentication process is now complete.