# Registering an OAuth App on Okta

## Introduction

The Innova API can be integrated into Okta, allowing Innova logins to be managed through your organization’s single sign-on system. This document covers the steps required to register an app on Okta and configure permissions for it.

<mark style="color:red;">**Input all data as per this document. Naming conventions are critical for this function to work successfully!**</mark>

## Procedure

1. Go to [www.okta.com](http://www.okta.com/) and log in to your account.

<img src="/files/Gc3GTxGoGjWAiPWblbC1" alt="" width="563">

2\. Click on **Admin** in the top right of the window to access the Admin Dashboard.

![](/files/W6g7DBS3cphoTnrZJBqV)

3\. On the side menu to the left, click on **Applications** to expand the Applications sub-menu, then click on **Applications** again to open the Applications window. In the Applications window click on **Create App Integration.**

<img src="/files/FNlrXUONvuWMjrL0m4E0" alt="" width="563">

4\. On the Create a New App Integration page, select the sign-in method as **OIDC – OpenID Connect** and the Application type as **Native Application**. Then click on **Next**.

<img src="/files/o9DjuqO7HfdJD8mDdaWI" alt="" width="563">

5\. On the New Native App Integration screen in the **General Settings** section, enter the **App Integration Name** as ‘icpApi’. Toggle on **Refresh Token** and **Resource Owner Password**.

<img src="/files/cT2xmjeIoGSmt6BEs6iF" alt="" width="556">

In the **Assignments** section, the **Controlled Access** setting should be set according to your organisation’s policy. All other settings in the New Native App Integration window can be left as their defaults. Click **Save**.

![](/files/BBZLOxQarawTo5ntLf4t)

6\. On the next screen, named ‘icpApi’ in this case, click on the **Edit** button in the Client Credentials section.

<img src="/files/Qh05nQoHC9Vc9XLR8qZp" alt="" width="563">

Change the **Client Authentication** setting to **Client secret**, then click **Save**.

<img src="/files/tKf7tqXfO0I9hAs55HXh" alt="" width="563">

7\. <mark style="color:red;">Take a note of the</mark> <mark style="color:red;"></mark><mark style="color:red;">**Client ID, Client Secret**</mark> <mark style="color:red;"></mark><mark style="color:red;">and</mark> <mark style="color:red;"></mark><mark style="color:red;">**Domain**</mark><mark style="color:red;">. The Client ID and Client Secret can be copied to clipboard by clicking on the</mark> ![](/files/jsCEariCiMtAxgRL2vs0) <mark style="color:red;">symbol to the right of each item. The Domain is your sign-in URL that you used to log in (e.g., mycompany.okta.com).</mark> <mark style="color:red;"></mark><mark style="color:red;">**Provide these three pieces of information to Innova.**</mark>

<img src="/files/1oQoP2oxoN92n20uD7Zf" alt="" width="539">

8\. Scroll back up to the top of the screen and click on **Sign On**.

<img src="/files/1wLvv3mhKbZ9q1ynVTOf" alt="" width="537">

9\. In the Sign On screen, scroll down to the User Authentication section and click on **Edit**.

![](/files/MOgo0wEa6DMWzz6K7Yuz)

Change the Authentication Policy to **Password Only** and then click on **Save**.

![](/files/d9HaHhLcYQFUA4UlyXlL)

10\. Scroll back up to the top of the screen and click on **Okta API Scopes.**

<img src="/files/CKVDiUjqRwaTXFGiYkDo" alt="" width="537">

11\. Click on **Grant** next to the **Okta.apps.read** scope to grant consent.

<img src="/files/6fdPU9zpXL8oJJs3M7pp" alt="" width="534">

12\. Scroll back up to the top of the screen and click on **Okta API Scopes.**

<img src="/files/aY1fSDSYul06CIAkaB70" alt="" width="530">

13\. Click on **Assign** and then **Assign to People**.

<img src="/files/1fvcOh8SH6f01KrjSHf7" alt="" width="533">

14\. Assign the relevant users by clicking on the **Assign** button beside each user, then click **Done**.

<img src="/files/UcXtm0OivQKJM8590yW6" alt="" width="539">

## Additional setup to enable Multi Factor Authentication (MFA) logins

If your organization wishes to have MFA logins turned on for the Innova Web Portal, Mobile App and Well Seeker Pro server database logins, then they must first follow the below steps within Okta. In addition to these steps, the system admin will require to turn on MFA for the organization, or for individual users within Okta. For that process the user should refer to Okta documentation.

Navigate to the **icpApi** application **General Settings** page. Change the grant types to the below.

<img src="/files/1zExdJ8vbkDeSazwkfTw" alt="" width="563">

Add the below to the call backs

<img src="/files/PiESULHPc2enLPWCHzI0" alt="" width="563">

## Note for Innova Admins

Within the Innova infrastructure the following information provided by the client is input in to the following cells in the Organizations tab:

Client ID: Input in to **CLIENT ID**

Client Secret: Input in to **CLIENT SECRET**

Domain: Input in to **TENANT (DIRECTORY) ID**

In the **DOMAIN NAME** cell, input the end of the company email address, e.g., *@innova-drilling.com*


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.innova-drilling.com/introduction/innova-engineering-how-to-guides/innova-icp-api-guides/registering-an-oauth-app-on-okta.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.