Configure OpenID Connect apps in Okta

Riot supports signing in to the platform using OpenID Connect. This document describes how to create the Okta applications needed to sign in to Riot with Okta.

We will create two applications:

  • The first application “Riot Admin” will allow administrators to connect to https://hub.tryriot.com. This application should only be assigned to Riot administrators.

  • The second application “Riot Employee Portal” will allow all employees to connect to their personal employee portal at https://portal.tryriot.com. This application can be assigned to all Okta users.

1️⃣ Configuring the Riot Admin application

Connect to your Okta Admin Console, and in the left menu, go to Applications > Applications.

  • Click on the button “Create App Integration”.

  • Select “OIDC - OpenID Connect” for the Sign-in method, and select “Web Application” for the Application type.

  • Click “Next”.

  • Enter “Riot Admin” for the App integration name.

  • Enter https://api.tryriot.com/v2/hub/connect/oidc/callback for the Sign-in redirect URIs.

  • Click the small cross next to the URL in the section Sign-out redirect URIs to remove it.

  • If you already have a specific group containing all the people who should have access to the Riot administration, choose “Limit access to selected groups” in the Assignments, Controlled access section, and select the group you want to use. Otherwise, you can choose “Skip group assignment for now” and do the assignments later.

  • Click “Save”.

Your application is now created.

On this page, you can retrieve the three values you will need to enter on the Riot platform:

  • The Client ID can be found in the Client Credentials section, next to a button that copies it.

  • The Client Secret can be found in the Client Secrets section, also next to a copy button.

  • Finally, your Okta URL can be found in the menu at the top right of the screen.

Put these values in the Riot platform in the corresponding fields.

We still need to adjust some additional settings to support connecting to Riot from the Okta dashboard directly. In General Settings, click on the “Edit” button, and in the LOGIN section, choose the following settings:

  • Click “Save”.

Assignments

If you skipped the assignments before, you can do them now in the Assignments tab. You can either create a group dedicated to Riot administrators and assign this group, or assign some Okta users directly, or mix and match to fit your use case.

In this example, we will use a group named “Riot Administrators”, which was created previously.

Go to the Assignments tab.

  • Click “Assign”, and click “Assign to Groups”.

  • Search for your group using the search input.

  • Click “Assign” on the corresponding group.

  • And finally, click “Done”.

The first application is now properly configured and should appear on the Okta dashboard for assigned users.

2️⃣ Configuring the Riot Employee Portal application

Connect to your Okta Admin Console, and in the left menu, go to Applications > Applications.

  • Click on the button “Create App Integration”.

  • Select “OIDC - OpenID Connect” for the Sign-in method, and select “Web Application” for the Application type.

  • Click “Next”.

  • Enter “Riot Employee Portal” for the App integration name.

  • Enter https://albert.tryriot.com/portal/auth/oidc/callback for the Sign-in redirect URIs.

  • Click the small cross next to the URL in the section Sign-out redirect URIs to remove it.

  • In the Assignments > Controlled access section, you can select “Allow everyone in your organization to access”. If you prefer to try this with a small group of users first, you can select a specific group instead, or skip assignments and configure them later.

  • Click “Save”.

Your application is now created.

On this page, you can retrieve the three values you will need to enter on the Riot platform:

  • The Client ID can be found in the Client Credentials section, next to a button that copies it.

  • The Client Secret can be found in the Client Secrets section, also next to a copy button.

  • Finally, your Okta URL can be found in the menu at the top right of the screen.

Put these values in the Riot platform in the corresponding fields.

We still need to adjust some additional settings to support connecting to Riot from the Okta dashboard directly. In General Settings, click on the “Edit” button, and in the LOGIN section, choose the following settings:

Assignments

If you skipped the assignments before, you can do them now in the Assignments tab. You can either assign this app to all users if you are onboarding all your employees on Riot, or create a group dedicated to the employees being onboarded and assign this group, or assign some Okta users directly, or mix and match to fit your use case.

The second application is now properly configured and should appear on the Okta dashboard for assigned users.
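To double-check both applications after setup, the sketch below compares an app definition with the values this guide asks for. It is an added example, not Riot or Okta code: it assumes the definition is available as a dictionary using the field names of Okta's Apps API app object, that “Everyone” is the built-in all-users group, and the sample apps and helper names are constructed for illustration.

```python
# Added example: audit Okta OIDC app definitions against this guide.
# Field names follow the app object of Okta's Apps API (assumed export format).
EXPECTED_REDIRECTS = {
    "Riot Admin": "https://api.tryriot.com/v2/hub/connect/oidc/callback",
    "Riot Employee Portal": "https://albert.tryriot.com/portal/auth/oidc/callback",
}

def audit_app(app, assigned_groups=()):
    """Return findings for one app; an empty list means it matches the guide."""
    label = app.get("label")
    expected = EXPECTED_REDIRECTS.get(label)
    if expected is None:
        return [f"unexpected app label: {label!r}"]
    findings = []
    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-in method is not OIDC")
    oauth = app.get("settings", {}).get("oauthClient", {})
    if oauth.get("application_type") != "web":
        findings.append("application type is not Web Application")
    # Exact match only: extra or wildcard URIs widen where codes can be sent.
    if oauth.get("redirect_uris", []) != [expected]:
        findings.append("sign-in redirect URIs differ from the guide")
    if oauth.get("post_logout_redirect_uris"):
        findings.append("sign-out redirect URI was not removed")
    # "Everyone" is Okta's built-in all-users group (assumption stated above).
    if label == "Riot Admin" and "Everyone" in assigned_groups:
        findings.append("admin app is assigned to all users")
    return findings

def sample_app(label, redirect_uris, logout_uris=()):
    """Build a constructed app definition (not real tenant data)."""
    return {
        "label": label,
        "signOnMode": "OPENID_CONNECT",
        "settings": {"oauthClient": {
            "application_type": "web",
            "redirect_uris": list(redirect_uris),
            "post_logout_redirect_uris": list(logout_uris),
        }},
    }

if __name__ == "__main__":
    good = sample_app("Riot Admin", [EXPECTED_REDIRECTS["Riot Admin"]])
    bad = sample_app("Riot Admin",
                     [EXPECTED_REDIRECTS["Riot Admin"], "http://localhost:8080/cb"],
                     ["http://localhost:8080"])
    print(audit_app(good, ["Riot Administrators"]))
    print(audit_app(bad, ["Everyone"]))
```

An empty list means the app matches the guide; each finding names the step to revisit in the Okta Admin Console.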