• Home
• App Integrations
• Single Sign-On Integrations
• Thinkific Okta SSO Integration

Thinkific Okta SSO Integration

---

miniOrange provides a ready to use solution for Thinkific. This solution ensures that you are ready to roll out secure access to Thinkific using Okta within minutes. Okta as an IDP ( Identity Provider) helps you log in into Thinkific.

Prerequisites

• Login into miniOrange Admin Console.
• Click on Customization in the left menu of the dashboard.
• In Basic Settings, set your company domain in Organization Name textfield.
• Click Save. Once that is set, the branded login URL would be of the format https://<company_domain>.xecurify.com/moas/login




Obtain the following information from Thinkific.

• Login to your Thinkific, go to Settings. Click on Code & analytics.
• Navigate to API.



• You can find the API Key ( Shared Secret ) and Subdomain here.
  
• Also, Obtain the Subdomain from here.
• JWT Endpoint URL: Example : https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt=

Follow the step-by-step Guide given below for Thinkific Single Sign-On (SSO) with Okta

1. Configure Okta as IDP

Configuring miniOrange as Service Provider (SP) in Okta

• Log in to Okta.
• In Okta Developer site, navigate to Applications > Applications.



• Click on Create App Integration. A popup with sign on methods is shown. Select SAML 2.0 & click on Next





• Write any appropriate App name then click Next.





• For the above SAML configuration you need to get the Entity ID and ACS URL from miniOrange
• Go to miniOrange Dashboard in the left navigation menu. Click on Add Identity Providers >> Add Identity Provider.



• Now click on the Click here link to get miniOrange metadata as shown in Screen below.



• For SP -INITIATED SSO section Select Show Metadata Details.



• Enter the values in Okta based on the table below. All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard. Refer to the the previous step on how to get to that page.

Single sign on URL	ACS URL copied from the miniOrange metadata section mentioned in the previous step.
Audience URI (SP Entity ID)	Entity ID or Issuer copied from the miniOrange metadata section mentioned in the previous step.



For SLO configuration (optional)
• For SLO configuration in okta go to the Configure SAML page , click Show Advanced Settings.



• Enter the values in Okta based on the table below. All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard. Refer to the the previous step on how to get to that page.

Encryption Certificate	This is optional
Enable Single Logout	Enable the check box to Allow application to initiate Single Logout
Single Logout URL	Single Logout URL as mentioned in the Metadata Section
SP Issuer	Entity ID or Issuer as mentioned in the Metadata Section
Signature Certificate	X.509 Certificate can be downloaded from the Metadata Section



• Click Next.


• Add Attribute Statement & Group Attribute Statement if required & click on Next.
• Select Okta Configuration type & click on finish.
• Navigate to Assignment tab from Okta. Click on Assign & select Assign to People. Select the user from the popup & click on Done. You can also assign groups if required.

Configure Okta as Identity Provider (IDP) in miniOrange

• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Provider. Select SAML.



• Now navigate to the Sign on tab from Okta & select View Setup Instructions. After selecting View Setup Instructions it will open new tab which contains Single Sign-On URL, Single Logout URL, Identity Provider Issuer & X.509 Certificate copy these data. This data is required for adding Identity Source in miniOrange.







• Enter appropriate IdP Name. Also add following details

IdP Entity ID	Identity Provider Issuer from Okta
SAML SSO Login URL	Identity Provider Single Sign-On URL from Okta
X.509 Certificate	X.509 Certificate from Okta
Single Logout URL [Optional]	Single Logout URL from Okta

• Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:

Domain Mapping	Can be used to redirect specific domain user to specific IDP
Show IdP to Users	Enable this if you want to show this IDP to all users during Login
Send Configured Attributes	Enabling this would allow you to add attributes to be sent from IDP

• Click on save.

Test IDP Connection

• Go to Identity Providers tab.
• Click on Select>>Test Connection option against the Identity Provider you configured.





• On entering valid Okta credentials you will see a pop-up window which is shown in the below screen.



• Hence your configuration of Okta as IDP in miniOrange is successfully completed.

2. Setup Thinkific as SP

• Login to miniOrange Admin Console.
• Go to Apps Click on Add Application button.



• Select JWT App.Click on Thinkific.







• In Add Apps tab enter the values and click on Save.

  Custom Application Name	Choose appropriate name according to your choice.
  Description	Add appropriate description according to your choice.
  Redirect-URL	https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt=

• To configure App secret go to Edit against your configured app, Apps>>Select your app>>Edit






App Secret	The API key fetched from Thinkific dashboard
Signature Algorithm	Choose HS256

• Click on Save
• Now, You can access Thinkific Account Using IDP credentials through the Single-sign-on URL as shown in image above.

3. Test SSO Configuration

• SP Initiated Login
• IDP Initiated Login

• Login to your Thinkific account.
• On the Dashboard, Click on Desgin your site-> Theme library option.



• Click on Three Dots as shown in the below image and select EDIT CODE option from dropdown.



• Now, click on the Snippets link and search for meta_tag option and click on it.



• Add Single Sign-On URL in the below format as shown in the image, (you will get this url from step 1) and click on Save button.





• Go to your Thinkific URL, click on SIGN IN button which will redirect you to miniOrange IdP Sign On Page.



• On accessing the Single sign-On URL as mentioned in the second step, you will be asked to enter your Okta credentials.



• On entering the valid credentials, you will be successfully logged into Thinkific.

• Log into Okta using your credentials.
• Click on Admin to access the Admin Console, then click on Applications.
• Click on Add Application and search for "Bookmark App", and Click Add in the left pane.
• Choose an app name of your choice which will be the display name.
• In the URL section, enter the SSO URL that is given in the JWT app.



• Click on Save.
• On the End User-Dashboard, click on the Thinkific bookmark application configured, to test the SSO flow.



• You will be successfully logged into Thinkific.

External References

• What is SSO and How does it work?
• What is Customer Identity and Access Management (CIAM)?
• Know about Social Login Solution
• Read more about "What is JWT" & how does it work?
• Enable SSO with Okta as IDP