Single sign-on with Okta

Creating the App Integration in Okta

1. Sign-in to your Okta administrator account

2. Go to Applications, then click "Create App Integration"

3. Select "OIDC - OpenID Connect", and for the next question for application type select "Web Application". Click Next, and on the subsequent configuration screen ensure the following are set:

   1. App integration name: "Hotpot" (or whatever suits you!)

   2. [Optional] If you'd like to use a logo, we will provide one

   3. Ensure Refresh token under Core Grants is selected

   4. Under Sign-in Redirect add https://app.hotpot.works/sso/okta/callback

Configuring Hotpot to use Okta

Under Assignments, restrict access to a group or whatever works for your organization. This controls who is able to access Hotpot. Hotpot delegates access to Okta.

Go to https://app.hotpot.works/sso/setup, and enter your organization's domain to complete setup. Enter the OpenID Issuer URL, OpenID Client ID, and OpenID Client Secret.

The OpenID Issuer URL is available in Okta, if you click your name in the top right corner it will be displayed under your email address, with a copy button:

Click the copy icon, then paste it into the OpenID Issuer URL field on the Hotpot setup screen. The Client ID and Client secret fields can be copy and pasted from the General configuration in the Okta application view for the application you created.

Once you add those fields, click Update configuration. You can now sign in to Hotpot via Okta.

Sign-in URLs

Users will sign in via https://app.hotpot.works/sso/okta. The domain can be sent as a parameter, e.g., https://app.hotpot.works/sso/okta?domain=yourcompany.com and Hotpot will automatically initiate the sign-in process.