Single sign-on (SSO) means that a user can log in using one identity provider (in this case, Okta) and access another application as well, without having to enter their credentials again for the second platform (CTC Admin).
This is how SSO works for Okta and CTC Admin:
- After SSO is configured and up and running (see Setting Up Your SSO Integration), your CTC Admin users will navigate to your corporate Okta identity provider's URL and log in there. Okta will authenticate the users and send signed tokens on to CalAmp, so they will be allowed to access CTC Admin.
- You can provide your users an easy method of logging in while still maintaining security. The SSO setup ensures that tokens are accepted only from the correct issuer and that only validated accounts are allowed access.
- You (or another CTC Admin admin user) will need to create users in CTC Admin with the needed roles and permissions. Your CTC Admin user roles remain unchanged, and you will need to maintain them as you have in the past.
- You will have two levels of access you can choose for your SSO implementation:
- Lax: Users can be authenticated with either SSO or a traditional username/password login.
- Strict: Users can log in ONLY using Okta SSO.
- Lax: Users can be authenticated with either SSO or a traditional username/password login.