In today’s digital landscape, managing user access to multiple systems can be a complex and time-consuming task. Single Sign-On (SSO) solutions like Okta Auth0 simplify this by providing a centralized authentication mechanism. This two-part series will guide you through the process of integrating Sitecore Content Hub with Okta Auth0 for seamless and secure user authentication.
This first post will focus on the initial setup and configuration required to enable SSO between Sitecore Content Hub and Okta. The second part will cover role mapping and authorization, allowing you to control user permissions in Content Hub based on their roles in Okta.
Let’s get started!
Prerequisites
Before you begin, ensure you have the following:
- Administrator access to your Sitecore Content Hub instance.
- An Okta developer account with administrator privileges.
Step 1: Configure a New Application in Okta
The first step is to create a new application in your Okta admin dashboard. This application will represent your Sitecore Content Hub instance and handle the authentication requests.
- Log in to your Okta admin dashboard via https://manage.auth0.com/.
- Navigate to Applications > Applications and click Create App Integration.
- Give your application a name (e.g., “Sitecore Content Hub”), select ‘Regular Web Application’ and click Create.
Step 2: Configure OpenID Settings in Okta
Now, you must configure your new application’s OpenID settings. This is where you’ll define how Okta communicates with Sitecore Content Hub. Note that this walkthrough sets only the minimum configuration required to get the setup working. Other settings are left at their default values, which you need to review and validate so that the result is safe and suitable for your use cases.
Application URIs (under Application > Settings):
- Allowed Callback URLs: Okta Auth0 will only call back to one of these URLs after the user authenticates. You can specify multiple valid URLs by separating them with commas (typically to handle different environments like QA or testing). It normally follows the format `https://<your-content-hub-url>/signin-OpenIDConnect`.
- Application Login URI: In some scenarios, Auth0 must redirect to your application’s login page. This URI needs to point to a route in your application that redirects to your login URL: `https://<your-content-hub-url>/en-US/Account`.
- Allowed Web Origin: Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. You may use the default Content Hub domains (e.g., `https://*.sitecorecontenthub.cloud`) or custom domains, if you have configured any.
Step 3: Configure Authentication in Sitecore Content Hub
Next, you’ll need to configure the authentication settings in Sitecore Content Hub to enable SSO.
- In your Content Hub instance, navigate to Settings > Authentication.
- Under ExternalAuthenticationProviders, add a new node for `open_id_connect`.
- You will need to provide the following information from your Okta application. Refer to OpenID Connect configuration example - Sitecore Documentation for complete configuration options.
  - `client_id`: Find the value under Okta Auth0 > Applications > Settings.
  - `client_secret`: Find the value under Okta Auth0 > Applications > Settings.
  - `authority`: This is the Okta Auth0 tenant URL, which you can find under Tenant Settings. There is a default URL if you have not configured a custom domain.
  - `metadata_address`: The value follows the format `https://<okta-auth0-tenant-url>/.well-known/openid-configuration`.
  - `response_type`: `code`
  - `is_enabled`: `true`, to enable the SSO login via Okta Auth0.
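A pre-flight check for the values entered in Steps 2 and 3, as an added example that is not part of the original post and not Sitecore or Okta code: it compares the provider settings with a saved copy of the tenant's discovery document and the callback URLs. The function name, the dictionary layout and all sample values are assumptions; the discovery keys are the standard OpenID Connect Discovery field names.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
CALLBACK_PATH = "/signin-OpenIDConnect"  # callback format from Step 2


def _is_https(url):
    return urlsplit(url).scheme == "https" and bool(urlsplit(url).hostname)


def check_oidc_settings(provider, discovery, callback_urls):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    authority = provider.get("authority", "").rstrip("/")
    if not _is_https(authority):
        problems.append("authority must be an https URL")
    if provider.get("metadata_address") != authority + WELL_KNOWN:
        problems.append("metadata_address is not <authority>" + WELL_KNOWN)
    # The discovery document must name the tenant configured as authority.
    if discovery.get("issuer", "").rstrip("/") != authority:
        problems.append("discovery issuer does not match authority")
    if provider.get("response_type") not in discovery.get("response_types_supported", []):
        problems.append("response_type is not offered by the provider")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not _is_https(discovery.get(key, "")):
            problems.append(f"{key} is missing or not https")
    if not provider.get("client_id") or not provider.get("client_secret"):
        problems.append("client_id and client_secret must both be set")
    if provider.get("is_enabled") is not True:
        problems.append("is_enabled is not true, so SSO login stays off")
    for url in callback_urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.path != CALLBACK_PATH:
            problems.append(f"unexpected callback URL: {url}")
    return problems

# Constructed sample values: placeholders, not a real tenant or instance.
TENANT = "https://tenant.example.com"
PROVIDER = {"client_id": "PLACEHOLDER_ID", "client_secret": "PLACEHOLDER_SECRET",
            "authority": TENANT, "metadata_address": TENANT + WELL_KNOWN,
            "response_type": "code", "is_enabled": True}
DISCOVERY = {"issuer": TENANT + "/", "jwks_uri": TENANT + "/.well-known/jwks.json",
             "authorization_endpoint": TENANT + "/authorize",
             "token_endpoint": TENANT + "/oauth/token",
             "response_types_supported": ["code", "id_token"]}
CALLBACKS = ["https://contenthub.example.com/signin-OpenIDConnect"]

if __name__ == "__main__":
    print(check_oidc_settings(PROVIDER, DISCOVERY, CALLBACKS) or "all checks passed")
```

To check a real setup, save the JSON served at your `metadata_address` and pass it as `discovery`, with your own provider values and callback URLs in place of the samples.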
Step 4: Finalize and Test the Integration
Once you have configured Okta and Sitecore Content Hub, you can finalize the setup and test the integration.
- Save your changes in both Okta and Content Hub.
- Navigate to your Content Hub instance in a new browser or incognito window.
- You should be redirected to the Okta login page. Log in with your Okta credentials.
- If the integration is successful, you will be redirected back to Content Hub and logged in.
Conclusion
You have successfully configured SSO between Sitecore Content Hub and Okta Auth0. This provides a seamless and secure authentication experience for your users. In the next part of this series, we will explore how to map user roles from Okta to Content Hub user groups, enabling you to manage user permissions centrally.
Stay tuned for Part 2!