Okta is a leading cloud-based identity management system. Banyan integrates with your organization’s Okta account to authenticate enterprise users that need access to Banyan-secured services.
In order to set up this integration, you need administrative access to Okta and the ability to add a new application integration to Okta.
The Okta/Banyan Security integration currently supports the following features:
1a. Navigate to Settings > TrustProvider Settings > Identity Provider and then set your Identity Provider Protocol to OIDC and your User Identity Provider to OKTA.
You will fill out these Identity Provider configuration fields after you set up the new application integration in Okta.
1b. Take note of the Redirect URL provided in the configuration field. You will need it for the steps in Okta below.
2a. Log in to your Okta account.
2b. Switch to the Okta Classic UI for this guide.
2c. Navigate to Applications > Applications and then click Add Application.
2d. Click Create New App.
2e. Leave the Platform set to Web, set the Sign on method to OpenID Connect, and then click Create.
3a. Name the application integration Banyan TrustProvider and upload the Banyan Logo.
If you are configuring an application integration for Device Registration, then name this application Banyan DeviceRegistrationProvider.
3b. In the Login redirect URIs field, use the Redirect URL you obtained in Step 1b, and then click Save.
4a. Navigate to Sign On > OpenID Connect ID Token and then click Edit.
4b. Set the Group claims filter to Filter, name the claim groups, and set the Matches regex to .* to ensure the token issued by Okta contains all the user’s group information. Then, click Save.
5a. Navigate to Assignments, then click Assign > Assign to Groups.
5b. Assign the Banyan TrustProvider app to “Everyone”, and then click Done. This will allow Banyan to federate authentication of all users in your organization to Okta.
Note: You still need to apply Policies in the Banyan Command Center to manage which users can access specific internal applications.
6a. Return to the Sign On tab and take note of the Issuer URL (Sign On). You will need it for the steps in the Banyan Command Center below.
Note: Banyan currently does not support Okta Custom URLs that alias your Okta organization’s domain name to a subdomain that you own. That is, an Issuer URL of the form example.oktapreview.com will work; however, an aliased Issuer URL of the form login.example.com will not work.
6b. Navigate to the General tab and take note of the Client ID and Client secret provided in the Client Credentials fields. You will need them in the Banyan Command Center below.
If you are configuring Device Registration Provider for Passwordless Authentication, then enter the values using the Device Registration Provider Config (optional) section.
7a. Return to the Identity Provider page in the Banyan Command Center (Settings > TrustProvider Settings > Identity Provider) and enter the Banyan TrustProvider App parameters from Okta:
7b. Click Update Identity Provider Config to save the settings.
That’s it! You have successfully integrated Okta to manage your directory of users in Banyan.
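A sanity check for the finished integration, added here as an example and not part of Banyan's or Okta's own tooling: it decodes an ID token issued by the new application and confirms the three things this guide configures, namely the Issuer URL, the Client ID and the groups claim. The function names, the list of Okta domain suffixes and the sample tokens are assumptions constructed for illustration; the check reads claims only and does not verify the token signature.

```python
import base64
import json
from urllib.parse import urlparse

# Assumption: Okta-hosted org domains end in one of these suffixes; extend as needed.
OKTA_ORG_SUFFIXES = (".okta.com", ".oktapreview.com", ".okta-emea.com")

def decode_claims(id_token):
    """Return the payload claims of a compact JWT WITHOUT verifying its signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_integration(id_token, issuer_url, client_id):
    """Return a list of configuration problems; an empty list means the claims look right."""
    claims = decode_claims(id_token)
    problems = []
    host = urlparse(issuer_url).hostname or ""
    if not host.endswith(OKTA_ORG_SUFFIXES):
        problems.append("issuer host %r is not an Okta org domain (custom URL alias?)" % host)
    if str(claims.get("iss", "")).rstrip("/") != issuer_url.rstrip("/"):
        problems.append("iss %r does not match the configured Issuer URL" % claims.get("iss"))
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the configured Client ID")
    groups = claims.get("groups")
    if not isinstance(groups, list) or not groups:
        problems.append("no 'groups' claim: check the Group claims filter (step 4b)")
    return problems

def make_sample_token(claims):
    """Build a constructed JWT with a placeholder signature for the demonstration."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])

# Constructed sample values, not real credentials.
ISSUER = "https://example.oktapreview.com"
CLIENT_ID = "0oaEXAMPLECLIENTID"
GOOD = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID, "groups": ["Everyone", "Engineering"]})
NO_GROUPS = make_sample_token({"iss": ISSUER, "aud": CLIENT_ID})

if __name__ == "__main__":
    for token, issuer in ((GOOD, ISSUER), (NO_GROUPS, ISSUER), (GOOD, "https://login.example.com")):
        print(check_integration(token, issuer, CLIENT_ID))
```

An empty list means the token matches the values entered in step 7a; a missing groups claim points back to step 4b, and a non-Okta issuer host points back to the Custom URL note under step 6a.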