candidate.fyi

This document guides IT administrators through setting up Candidate.fyi, a web application, with Okta using OpenID Connect (OIDC). OIDC extends OAuth 2.0 to include an ID token for verifying user identities, making it optimal for Single Sign-On (SSO) for cloud and mobile applications.

- An active Okta administrator account.
- Administrative access to Candidate.fyi.

Familiarity with OAuth 2.0 and OIDC principles.

Step 1: Register a New Application in Okta

Access Okta Admin Dashboard: Log in to your Okta Admin account.

Brows App Catalog: Search for candidate.fyi and add integration.

1. Leave the application label as candidate.fyi
2. Enter your Okta domain (
 1. If your domain is <code>https://[yourdomain.okta.com</code>] your Okta domain would be <code>yourdomain.okta.com</code>

1. Access Okta Admin Dashboard: Log in to your Okta Admin account.
2. Brows App Catalog: Search for candidate.fyi and add integration. 
3. Fill out the Integration Form: 
 1. Leave the application label as candidate.fyi
 2. Enter your Okta domain (
 1. If your domain is <code>https://[yourdomain.okta.com</code>] your Okta domain would be <code>yourdomain.okta.com</code>

Step 3: Configure Candidate.fyi with OIDC

Log into Candidate.fyi: Log into candidate.fyi at <a href="https://app.candidate.fyi" rel="nofollow noopener noreferrer" target="_blank">https://app.candidate.fyi</a>

Navigate to Okta Integration settings: Locate the section for Okta integration.

1. These can be found under 
2. <a href="https://app.candidate.fyi/settings/integrations?tab=Okta" rel="nofollow noopener noreferrer" target="_blank">https://app.candidate.fyi/settings/integrations?tab=Okta</a>
3.

1. This information can be found under Sign On tab in the new candidate.fyi application in Okta
2. Client ID: Enter the Client ID from Okta.
3. Client Secret: Enter the Client Secret from Okta.
4. Client Domain: This is the URL of your Okta domain, typically in the format <code>https://[yourdomain.okta.com</code>]. &lt;- We need the [yourdomain.okta.com]

1. Log into Candidate.fyi: Log into candidate.fyi at <a href="https://app.candidate.fyi" rel="nofollow noopener noreferrer" target="_blank">https://app.candidate.fyi</a>
2. Navigate to Okta Integration settings: Locate the section for Okta integration.
 1. These can be found under 
 2. <a href="https://app.candidate.fyi/settings/integrations?tab=Okta" rel="nofollow noopener noreferrer" target="_blank">https://app.candidate.fyi/settings/integrations?tab=Okta</a>
 3. 
3. Enter OIDC Details:
 1. This information can be found under Sign On tab in the new candidate.fyi application in Okta
 2. Client ID: Enter the Client ID from Okta.
 3. Client Secret: Enter the Client Secret from Okta.
 4. Client Domain: This is the URL of your Okta domain, typically in the format <code>https://[yourdomain.okta.com</code>]. &lt;- We need the [yourdomain.okta.com]

Under the <code>Assignments</code> tab of your Candidate.fyi application, click <code>Assign</code> to either individuals or groups as needed.

Ensure all intended users have access to Candidate.fyi through Okta.

1. Go back to your Okta Admin Dashboard.
2. Under the <code>Assignments</code> tab of your Candidate.fyi application, click <code>Assign</code> to either individuals or groups as needed.
3. Ensure all intended users have access to Candidate.fyi through Okta.

Service Provider-initiated Single Sign-On (SP-initiated SSO) allows users to access candidate.fyi by navigating directly to its URL. After successful authentication, users are redirected back to Candidate.fyi with appropriate authentication tokens.

Initiation Link: Users should start at <a href="https://app.candidate.fyi/" rel="nofollow noopener noreferrer" target="_blank">https://app.candidate.fyi</a> and select "Log in with Okta".

The user will then need to enter their email address and will be redirected to Okta for login if they are not already authenticated.

- Initiation Link: Users should start at <a href="https://app.candidate.fyi/" rel="nofollow noopener noreferrer" target="_blank">https://app.candidate.fyi</a> and select "Log in with Okta". 
- The user will then need to enter their email address and will be redirected to Okta for login if they are not already authenticated.

Identity Provider-initiated Single Sign-On (IdP-initiated SSO) allows users to start their session from the Okta dashboard. In this flow, users log into Okta first and then select the Candidate.fyi application icon from their Okta dashboard, which then logs them into Candidate.fyi automatically without needing to enter additional credentials.

Access Path: Users log in via their Okta dashboard by clicking the Candidate.fyi application icon, which directly initiates the session for Candidate.fyi.

- Access Path: Users log in via their Okta dashboard by clicking the Candidate.fyi application icon, which directly initiates the session for Candidate.fyi.

Prerequisites

Install from OIN

Integration Steps

Step 1: Register a New Application in Okta

Step 3: Configure Candidate.fyi with OIDC

Step 4: Assign Users and Groups in Okta

Supported Features

SP-Initiated SSO

IdP-Initiated SSO