Configuring Single Sign-On for the Network Inspector

Use OpenID Connect (OIDC) to authenticate users to your Axonius Healthcare appliances through Okta. This configuration requires setup on both the appliance and in Okta, and each appliance needs its own redirect URI registered in Okta.

Prerequisites

  • Administrator access to your Okta organization
  • Administrator access to the Axonius Healthcare appliance
  • The external URL of your appliance (for example: https://appliance1.example.com)
  • An active Okta application configured for OIDC (or permission to create a new one)

Note: All users authenticated through OIDC are administrators on the appliance dashboard. A 5-minute session timeout applies after authentication, requiring reauthentication when expired. Break-glass username/password login is available if OIDC fails.

Step 1: Create or Select Your Okta Application

  1. In Okta, go to Applications and select Applications.
  2. Click Create App Integration or use an existing Axonius application.
  3. Select OpenID Connect (OIDC) as the application type.
  4. Choose Web Application as the application type.
  5. Enter an application name (for example, "Axonius Healthcare Appliance") and click Next.

Step 2: Configure OIDC Settings in Okta

  1. On the Create OpenID Connect Integration form, configure the following:

    • Application type: Select Web Application
    • Redirect URI: https://[appliance-url]/api/login/oidc/callback
    • Logout redirect URI: https://[appliance-url]/api/login/oidc/logout

    Replace [appliance-url] with your appliance's external URL (for example, https://appliance1.example.com).

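  2. Under Assignments, configure which users or groups can access the appliance. Every user assigned here is an administrator on the appliance dashboard once authenticated (see the note under Prerequisites).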

  3. Click Save to create the application.

Step 3: Obtain Okta OIDC Configuration

  1. After creation, on the General tab, locate and note the following values:

    • Client ID (under Client Credentials)
    • Client Secret (under Client Credentials — click Show to reveal)
    • Okta Domain (from your Okta organization URL, for example: yourdomain.okta.com)

  2. The OIDC configuration endpoint for Okta is: https://[your-okta-domain]/.well-known/openid-configuration

Configure the Appliance for Single Sign-On

To configure single sign-on for an appliance:

  1. Log in to the appliance using the standard login form.
  2. In the dashboard, click the Key icon. The Configure SSO dialog appears.
  3. From the Okta application Client Credentials, copy the Client ID and paste it into the Client ID field of the Configure SSO dialog for the appliance.
  4. From the Okta application Client Credentials, copy the Client Secret and paste it into the Client Secret field of the Configure SSO dialog for the appliance.
  5. In the Issuer URL field, enter the URL of the Okta application page with admin removed from the URL.
  6. Click Validate to check that the identity provider application exists.
  7. Redirect URI: The Redirect URI is auto-generated. If you log in using an IP address, the Redirect URI includes that IP address; replace the IP address in the Redirect URI with the proxy hostname.
  8. Click Save.
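
An added example (not Axonius or Okta code): a pre-flight check that builds the two Step 2 URIs for one appliance, rejects an IP-address URL as item 7 above requires, and compares a discovery document from the Step 3 endpoint with the expected Okta domain. The function names and SAMPLE_DOC are assumptions made for this example; SAMPLE_DOC is constructed, not real Okta output.

```python
import ipaddress
from urllib.parse import urlsplit

# Paths taken from Steps 2 and 3 of this page.
CALLBACK_PATH = "/api/login/oidc/callback"
LOGOUT_PATH = "/api/login/oidc/logout"
DISCOVERY_PATH = "/.well-known/openid-configuration"

def redirect_uris(appliance_url):
    """Return (redirect URI, logout redirect URI) to register in Okta."""
    parts = urlsplit(appliance_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("appliance URL must start with https://")
    if parts.username or parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("use the bare external URL, without path or query")
    try:
        ipaddress.ip_address(parts.hostname)
    except ValueError:
        pass  # a hostname, which is what must be registered in Okta
    else:
        raise ValueError("IP address found; use the proxy hostname instead")
    base = "https://" + parts.hostname + (f":{parts.port}" if parts.port else "")
    return base + CALLBACK_PATH, base + LOGOUT_PATH

def discovery_problems(okta_domain, doc):
    """Compare a fetched discovery document with the expected Okta domain."""
    # Assumption: the issuer equals https://<Okta domain> for the Step 3 endpoint.
    expected = "https://" + okta_domain
    problems = []
    if doc.get("issuer") != expected:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https" or url.hostname != okta_domain.lower():
            problems.append(f"{key} is missing or not on https://{okta_domain}")
    return problems

# Constructed sample with the shape of a discovery document (not real Okta output).
SAMPLE_DOC = {
    "issuer": "https://yourdomain.okta.com",
    "authorization_endpoint": "https://yourdomain.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://yourdomain.okta.com/oauth2/v1/token",
    "jwks_uri": "https://yourdomain.okta.com/oauth2/v1/keys",
}

if __name__ == "__main__":
    print(redirect_uris("https://appliance1.example.com"))
    print("https://yourdomain.okta.com" + DISCOVERY_PATH)
    print(discovery_problems("yourdomain.okta.com", SAMPLE_DOC))
```

Run it once per appliance, since each appliance needs its own redirect URI registered in Okta.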