Odoo Integration with Okta

Odoo Okta Integration

Odoo Integration with Okta

Okta Inc.

Okta is an identity and access management company that provides cloud software to other companies in order to help them manage and secure user authentication into applications. Additionally, it allows developers to build identity controls into applications, website web services as well as devices. 

With 10 products and 6 services available on the market, this San Francisco- based company helps enterprise businesses avoid security risks.

Odoo Okta Integration Workflow Diagram

Okta Products

These products are all about connecting your company to the right technologies, and the right people, in the most secure and optimized way possible. As listed on Okta’s official website, some of these products and services include the following:

  • Single Sign-On
        • Secure cloud single sign-on 
  • Universal Directory
        • 1 Directory for users, groups and devices
  • Advanced Server Access
        • Dynamic server access controls similar to multi-cloud infrastructure
  • API Access Management
        • Avoid API breaches
  • Multi-factor Authentication
        • Secure, intelligent access for your workforce and your customers
  • Authentication
        • Secure and seamless experience
  • User Management
        • Collect, store and manage user profile data at scale
  • B2B Integration
        • Optimize on your customer, partner and vendor relationships
  • Lifecycle Management
        • Easy-to-implement automation
  • Access Gateway
        • Extend modern identity to on-premises app and product your hybrid cloud
  • Workflows
        • No code identity automation and orchestration

These products exist to protect your workforce identity as well as your customer’s identity. In addition to securely enabling remote work (as needed due to the recent pandemic), Okta allows companies to adopt a zero-trust security model. This means that there’s no room for error when all preventative measures are in place in order to avoid data breaches. There are many other ways Okta protects one’s workforce – however, let’s look at the flipside of things; the customers. Beyond creating a frictionless registration process and login for your applications, Okta cultivates user trust by modernizing infrastructure and creating a seamless user experience without compromising on security. Furthermore, Okta works well without countless industries, including technology, travel and hospitality, non-profit, public sector – just to name a few.

Odoo ERP

Introducing Odoo ERP – On Demand Open Object is a business management system that combines a suite of business management software tools in order to improve business processes across a company. Not only is Odoo filled with a wide array of applications to choose from, their products are cost-effective and they deliver modular solutions. Additionally, Odoo has designed all its apps to help companies across all verticals with specific parts of their business. For example, the Sales team within a company may require an app that helps boost sales, while an Accounting team may need an app that helps manage finances. There is quite literally an umbrella app for all major departments within a company.

In fact, there are 30 Odoo enterprise apps which are licensed, and over 18,000 Odoo Community apps which are both free and open-source. This means that with open-source Odoo apps, developers can easily tweak them in order to tailor them to fit around your company’s needs and requirements.

There are many things Odoo ERP can do, and many more that it can help you achieve within the electronic and robotic repair industry. 

So how does Odoo ERP play into this?

The following is a quick summary of what a seamless Odoo integration with Okta looks like.

1) Users log into SSO (single sign-on)

Here, developers can create a User Account on Okta and assign users to the Okta Odoo Apps. In order to do so, they need to configure it on the SAML Provider and on the SAML ID for the Odoo users. Once that is done, the user can use Okta Odoo apps in order to log into the Odoo application.

SSO reduces the number of attack surfaces because users only log in once each day and only use one set of strong credentials. Reducing login to one set of credentials improves enterprise security. When employees have to use separate passwords for each app, they usually don’t – so if one platform is compromised, they all are.

2) Users try to access a webpages

When the user tries to access the Odoo webpage, the Okta login button will appear. When the user clicks on the Okta login button, it will redirect them to the Okta page — where the user will need to identify themselves with the two-factor authentication. Once the authentication is completed, the user will be automatically redirected to the Odoo application page.

3) Service providers checks the user’s credentials with the identity provider

4) Identity provider sends authorization and authentication messages back to service provider

5) User can now log into the app

The final step involves authenticating oneself on both the Okta and Odoo application, upon which the user can log into Odoo.

Bista Solutions Demo | Odoo Integration with Okta

Odoo ERP allows for several integrations. As such, Okta can easily be integrated into Odoo. A professional ERP provider will be able to integrate multiple platforms together as well as create customizations specific to your company.

Below, we will take you through what configurations were done in order to achieve the Odoo integration with Okta. 

Odoo Okta Integration

The image above is an example of a company dashboard that has Okta integrated into it. Now our goal is to combine Okta with Odoo.

How do we go about doing that?

When you click on Odoo from the options presented, you will be redirected to the following page – which is the Odoo page. Now, in order to access Okta within Odoo, you need to login using your Okta login credentials.

Odoo Okta integration

When you input your credentials (or click Okta Login if your credentials are already saved), you will be redirected to the company homepage that is connected to your Okta account. However, if the authentication is successful with Odoo and Okta, you will be redirected to the Odoo homepage with Okta connected.

Odoo Okta integration

So what steps need to be taken in order to achieve this seamless integration?

First off, you need to install Okta into the company dashboard and configure Okta and Odoo in the Okta dashboard.

On the Odoo side of things, we need to create a provider. In this instance, we have Okta as the sole provider. So, if we want to integrate Okta and Odoo – we need to keep the following key points in mind (see image below for reference). 

*This information can be found in Odoo under the Providers section.

Odoo Okta integration

  • Identity Provider Metadata

This will be provided by Okta and it’s in the XML format. This data has specific entity IDs as well as certificates generated by Okta. This information will be configured on the Odoo side of things.

  • Entity ID

This ID is important to verify between Okta and Odoo applications.

  • Metadata URL

Once we have successfully configured Odoo from the Okta side – then we will have this generated metadata URL. 

So remember in the first image, where we click on the Odoo application (for this example, let’s pretend we click on it from our phones) – when that Odoo app is clicked, the Identity Provider Metadata, Metadata URL, Odoo Public Certificate, Odoo Private Key, Signature Algorithm will all be checked from Okta to Odoo side as well as Odoo to Okta side in an encrypted format. Once everything is verified, that’s what leads to you being able to connect to Odoo via Okta. If something does not match up, then the user will not be able to log in.

  • Sign Attribute Mapping

This is relevant for when we create the Odoo application within Okta. In order to

successfully allow authentication – we need some configurations. This is done via Attribute Mapping. We need to set the IDP Response Attribute (name_id), Odoo Field (email). This basically means that we need to include the user’s name and email address somewhere.

So in Odoo, go to Settings >> Users & Companies >> Users

Odoo Okta integration

This will bring you to a list of user names (that you must manually put in). When you click on a user, you’ll be directed to the user’s page. All you really need to input is the user’s name and email address. Once that is configured, then you need to input the SAML provider.

Odoo Okta integration

As you can see, on the Odoo side (i.e. the Odoo platform as depicted in the image above), you see Okta under SAML provider. And in the SAML user id section, you see an email address.

So when you send in a login request, the Okta provider section will be checked, as will the SAML user ID. If they are a match, the next thing to be checked in the algorithm method and specific encryptions, the certifications as well as the entity ID.

If everything matches, then the user will be redirected to the Odoo page, where the user can login using their email address.

So far, we have covered three integrations that were done to connect Odoo and Okta.

  1. Involves one configuration from the Okta side
  2. Involved a configuration from the Odoo side
  3. The third configuration is from the SAML user side as explained above

So let’s discuss the fourth and final one – a customization. Upon the integration, once a user logs out of Odoo, they will be automatically redirected to the company Okta dashboard. Essentially, anytime the user wants to log into Odoo via the Okta dashboard, they need to be logged in with the Okta credentials – click on the Odoo app and authenticate in order to access the Odoo app. If they logout of the Odoo app, they will be redirected back to the Okta dashboard – and will have to repeat the process in order to log back in. This was a customization, where the Odoo username and password login was disabled to further secure the back and forth.

Odoo Okta Integrations

As you can see in the image above, if you click on the checkbox – you will allow users to login using their Odoo credentials (as you will see in the image below).

Odoo Okta Integration

But by default, that box isn’t checked – therefore users must use their Okta credentials to log into Odoo. 

Another way to tighten the security is by using a 2-factor authentication. In this instance, the application Odoo Verify can be used on android phones to achieve this.

Odoo ERP Providers – Bista Solutions

When it comes to Odoo integrations, Bista provides tailored solutions to best meet the clients’ needs. 

Additionally, we have nearly two decades of experience implementing ERP solutions across various industries, and have been awarded Odoo Best Partner across North America for the fourth time. So you can rest assured, our team has the knowledge, experience and expertise to help you reach your goals. 

If you would like more information or a free consultation / demo, connect with us via the Contact Form on our website, or give our ERP consultants a call at 1 (858) 401 2332.