Skip to main content
All CollectionsSingle Sign On (SSO) Setup
Blueink SSO Setup: Okta OIDC
Blueink SSO Setup: Okta OIDC

In this help article, we will explore how to set up SSO using OKTA OIDC.

Raymund Mission avatar
Written by Raymund Mission
Updated over a week ago

Overview

This document contains instructions to configure Single Sign-On (SSO) in Blueink

eSignature App using an Okta OIDC connection.

The target audience for this document is Blueink customers who use Okta as their IdP (Identity Provider).

If you want to setup SSO using a different IdP or Okta connection type, please visit

help.blueink.com for additional guides. If you would like to test out using Okta as an IdP for login into Blueink eSignatures (and into other Apps that support SSO), you can create a free Okta developer account at developer.okta.com/signup/.

Prerequisites

These instructions should be followed by someone who is an Admin of an Okta account or who otherwise has permissions to create and configure customer applications in Okta.

Summary Instructions

A quick summary of the steps is as follows. Detailed instructions, with screenshots, can be

found in the following section.

  1. Log into Okta as an administrator

  2. Create a new App Integration from the Applications tab, and select OIDC - OpenID Connect and Web Application

  3. Enter a name (e.g. “Blueink”) and optional logo

  4. Under Grant type, select Authorization Code

  5. In the Sign-in redirect URIs section, add the REDIRECT URL provided by Blueink CONNECTION object

  6. Under Controlled access, select Allow everyone in your organization to access and Enable immediate access with Federation Broker Mode and save.

  7. In the General tab of your newly created Okta application, locate the Client ID in the Client Credentials section and Secret in the Client Secrets section, and send it to Blueink. Blueink will respond when we have configured the SSO on our end.

  8. Test a login by using the email address of a user that already exists in your Blueink eSignature account. Visit this URL to login:
    a. https://secure.blueink.com/auth/login

Detailed Instructions

Once you're logged in to the Okta Admin Dashboard, click Create App Integration in the

Applications tab:

Select OIDC - OpenID Connect and Web Application and enter the name of your application and (optionally) your application's logo.

Assign Users and Groups to the new App in Okta

Under Grant type, select Authorization Code:

In the Sign-in redirect URIs section, add the REDIRECT URL provided by Blueink CONNECTION object.

Under Controlled access, select Allow everyone in your organization to access and Enable immediate access with Federation Broker Mode and save.

Send Client ID and Secret to Blueink

In the General tab of your newly created Okta application, locate the Client ID in the Client Credentials section and Secret in the Client Secrets section. Please send these via email to your Blueink Account rep, or to the Blueink support person assisting with your SSO configuration.

Blueink will setup the SSO connection on our end, and respond to you once that is complete. Typically, this process is quick.

The screenshot below shows where to find the Client ID and Secret:

Test Your Blueink SSO Connection

Now that you have an SSO Connection set up, you can test it out as follows:

  1. Log out of any active Blueink sessions in your browser

  2. Visit the test SSO login page at: https://secure.blueink.com/auth/login

  3. Enter your email address and you should be redirected to your Okta login page to enter your credentials

  4. You should then be redirected back to the Blueink dashboard

If you have any issues, don't hesitate to reach out to [email protected].

Conclusion:

By following these instructions, you'll be able to configure Single Sign-On (SSO) in Blueink eSignature App using an Okta OIDC connection. Should you require support during the setup process, please don't hesitate to reach out to [email protected]. Kindly note that the metadata URL should also be sent to this email address for assistance with SSO setup.

Did this answer your question?