okta-widgetOverview

The state's new single sign on is now available: https://login.mt.gov.

What level of effort can agencies expect for implementing Okta?

As you work to implement Login.mt.gov (Okta), it is important that the developers are familiar with SAML authentication.  If your application is using a SAML solution (either a COTS product or ePass Montana), you should expect to spend approximately fifteen (15) hours of development work to implement Okta in an application.  Agencies should follow standard regression testing for verifying internal and external authentication after the implementation work has been completed.

The schedule is as follows:

June 30, 2021: Decommission date for ePass Montana. 


Interface Requirements

Login-Example

The below code snippets rely on Boostrap 4:

HTML

Login-HTML

CSS
        #okta-login a {
            color: #0090cb;
        }
        #okta-login a:hover {
            color: #0077B2;
        }
        #okta-login.login-wrapper {
            width: 300px;
            margin: 30px auto;
            text-align: center;
        }
        #okta-login .logo {
            width: 150px;
        }
        #okta-login {
            background-color: #3A5C81;
            border: solid 1px #14365B;
        }
        #okta-login .btn-danger {
            background: #7b1212;
            border: 1px solid #620000;
        }
        #okta-login .btn-danger:hover {
            background: #620000;
        }
Vertical Centering

When using Boostrap 4, one of the ways this can be achieved by adding the below CSS to the body tag.

        html, body {
            height: 100%;
        }
        body {
            display: -ms-flexbox;
            display: flex;
            -ms-flex-align: center;
            align-items: center;
            padding: 30px 0;
        }
Alternate Display

Another display option would be to put the logo on a button that matches your application colors, like the below examples:

Custom Button HTML


Developers

A good starting place is https://developer.okta.com. There you can find Okta's documenation as well as sign up for a free developer account that will give you a sandbox for experimenting with the Okta platform.

Another great source of information can be found on the IT Pro Page: IT Pro Page - Okta Information

The two primary authentication protocols available for your applications are OpenID Connect (OAuth) and SAML. For new application development, we recommend using OpenID Connect. You can find the well-known endpoints for the Okta OpenID Connect/OAuth authorization server at https://developer.okta.com/docs/reference/api/oidc/

We will have a ServiceNow form that the agency will fill out for an application registration into the Okta environments. We intend for SITSD to do the initial app registration and then delegate the "Application Administrator" role to the agency for any additional configuration changes and maintenance.

Public users will have an Okta account. They will login to this account using either Okta credentials (UserID and password) or a third-party social identity provider (e.g. Facebook, Google, Microsoft). State employees and contractors will use their Active Directory credentials to login to the Okta environment and applications.