Okta configuration guide for ellie.ai
Important notice
There are 2 ways of integrating Okta with Ellie.ai:
Using manual Okta integration (recommended): use this guide
Using the Okta Integration Network catalogue: see the steps below
Prerequisites
Have an existing account (i.e. your organization’s own subdomain) with ellie.ai
Have administrator privileges on your Okta organization
Have the Okta groups to which you want to grant a certain ellie.ai role (read, write, admin)
Supported features
SP-initiated SSO
IdP-initiated flow
Create users
Assign a role to an Okta group
Update user role
Procedure
Go to the Okta Integration Network catalogue, find the ellie.ai app and add it to your applications.
After installing the application, navigate to the Sign On tab. Here you can find the Client ID and Client secret. If you follow the OpenID Provider Metadata link, you can find your issuer URI under the key issuer.
In the Assignment tab you can configure the groups that can access the application. We recommend assigning only the groups that have a role, so that every user accessing the app has a role.
To set up your Okta SSO configuration, log in to your Ellie environment as an Admin user and go to Admin Tools → Metadata & SSO → Turn Okta On to start the Okta Setup. See the example below:
For your “Okta configuration” you’ll need the following information:
Client ID
Client secret
Issuer URI
Your Okta group role mapping (e.g. “ellie-write” → write)
API token to view the group memberships of an authenticated user (guide to create an API token)
If you have any questions or need help, reach out to support@ellie.ai.
Group role mapping
ellie.ai has 4 different roles:
Read: the user can read all the models and entities
Contributor: the user can read all the models and entities in the organization folder and its subfolders. They can copy assets to their personal folder, and make changes and create new assets in the personal folder. The user can then share their assets with an Admin or Write user for review.
Write (includes all the read privileges): the user can create and edit models, entities and collections (if a model or entity is in a restricted collection, then the user will only have read permission)
Admin (includes all the write privileges): the user can create and edit all models, entities and collections, and can also restrict a collection to a list of editors. Admins can also change some organization settings, import and export the glossary, and manage API tokens.
You can assign an Okta group to an ellie.ai role.
If a user is a member of groups with different roles, then they will be assigned the highest role.
If a user is not a member of any group with a role, then they will not be permitted to use ellie.ai. It is very important that every user who has access to the app is a member of a group with a role.
You do not need to create the ellie.ai roles.
The roles are not configurable and are limited to read, contributor, write and admin.
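The rules above can be checked before SSO is switched on. The following is an added example, not ellie.ai or Okta code: it audits a constructed export of app assignments, role mapping and group memberships, reporting each user's effective role, users who can reach the app but would be refused, and groups that are assigned without a valid role. All group and user names except “ellie-write” are constructed, and ranking contributor between read and write is an assumption taken from the order in which the roles are listed.

```python
# Added example: audit an Okta group -> ellie.ai role mapping (constructed data).
# Assumption: contributor ranks between read and write, following the listing order.
ROLE_RANK = {"read": 0, "contributor": 1, "write": 2, "admin": 3}


def effective_role(user_groups, group_roles):
    """Return the highest-ranked role granted by the user's groups, or None."""
    roles = [group_roles[g] for g in user_groups if g in group_roles]
    return max(roles, key=ROLE_RANK.__getitem__) if roles else None


def audit(assigned_groups, group_roles, memberships):
    """Compare app assignment with the role mapping and list the gaps."""
    # Mapping entries that name a role ellie.ai does not have
    invalid = sorted(g for g, r in group_roles.items() if r not in ROLE_RANK)
    valid = {g: r for g, r in group_roles.items() if r in ROLE_RANK}
    # Groups that can reach the app but grant no role
    unmapped = sorted(set(assigned_groups) - set(valid))
    roles, locked_out = {}, []
    for user, groups in sorted(memberships.items()):
        if not set(groups) & set(assigned_groups):
            continue  # user is not assigned to the app at all
        role = effective_role(groups, valid)
        if role is None:
            locked_out.append(user)  # can sign in at Okta, refused by ellie.ai
        else:
            roles[user] = role
    return {"invalid_role_groups": invalid, "unmapped_groups": unmapped,
            "locked_out": locked_out, "roles": roles}


# Constructed sample input, not real Okta data.
ASSIGNED_GROUPS = ["ellie-read", "ellie-write", "ellie-admin", "all-staff"]
GROUP_ROLES = {"ellie-read": "read", "ellie-write": "write",
               "ellie-admin": "admin", "ellie-owner": "owner"}
MEMBERSHIPS = {
    "alice": ["ellie-read", "ellie-admin"],   # two roles: highest applies
    "bob": ["all-staff"],                     # assigned, but no role
    "carol": ["ellie-write", "all-staff"],
    "dave": ["finance"],                      # not assigned to the app
}

if __name__ == "__main__":
    for key, value in audit(ASSIGNED_GROUPS, GROUP_ROLES, MEMBERSHIPS).items():
        print(f"{key}: {value}")
```

An empty locked_out list and an empty unmapped_groups list mean the Assignment tab and the role mapping agree.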
SP-initiated SSO
Here are the steps to follow if you want to authenticate yourself using Okta from ellie.ai’s login page.
Go to your ellie.ai login page (you may need to log out first)
Click on the “Login using Okta” button
You will be redirected to your organization’s Okta login page
Fill in your Okta account credentials
Click on the “Sign In” button
You will then be redirected to your ellie.ai dashboard
Steps 3 to 5 may be omitted if you already have an active Okta session.