Skip to main content

Single sign-on with Okta

info

Hotpot doesn't yet have an application approved in the Okta Integration Network (OIN). So, to use Okta you must create an application. This guide will update when Hotpot is available in the OIN.

Create the app integration in Okta

To create the Hotpot application integration in Okta:

  1. Sign in to your Okta administrator account.

  2. Go to Applications > Create App Integration and click OIDC - OpenID Connect.

  3. Select the application type Web Application and click Next.

  4. Configure these settings:

    a. Add the App integration name "Hotpot" or whatever suits you!

    b. [Optional] If you'd like to use a logo, contact Hotpot and we can provide one.

    c. Under Core Grants, select Refresh token.

    d. Under Sign-in Redirect add https://app.hotpot.works/sso/okta/callback. This is not the URL used to sign in to Hotpot.

Configure Hotpot to use Okta

To configure Hotpot to use Okta:

  1. Under Assignments, restrict access to a group (or whatever works for your organization). This controls who can access Hotpot. Hotpot delegates access to Okta.

    danger

    Do not require PKCE. PKCE is for applications where the Client secret is directly available to users.

  2. Go to https://app.hotpot.works/sso/setup and enter your organization's domain.

  3. Enter the OpenID Issuer URL, OpenID Client ID, and OpenID Client Secret.

    a. Find the OpenID Issuer URL in Okta. Click your name in the top right corner and find it displayed under your email address.

    b. Click the copy icon, then paste it into the OpenID Issuer URL field on the Hotpot setup screen.

    c. Go to the General configuration in the Okta application view for the application you created.

    d. Copy and paste the client ID and secret into the Client ID and Client Secret fields on the Hotpot setup screen.

  4. Click Update configuration. You can now sign in to Hotpot with Okta.

Use sign-in URLs

Users sign in through https://app.hotpot.works/sso/okta If you send the domain as a parameter, like https://app.hotpot.works/sso/okta?domain=yourcompany.com, Hotpot automatically initiates the sign-in process.

info

If users attempt to sign in with a username and password, Hotpot won't give any indication that the email matches to an SSO-managed account. Users need to sign-in through the SSO URL.