Integrate GTR Website to OKTA
Integrating the GTR website with your firm's OKTA workspace offers several benefits. Your colleagues can access GTR with the same set of credentials, which improves the user experience and reduces password fatigue. Access permissions to the GTR website can be managed easily in your OKTA, which aids compliance and lets your firm monitor access behavior for auditing purposes.
Properly configure GTR website into your firm's OKTA
Only the Main Account of your VASP is allowed to manage OKTA settings. To configure OKTA settings properly, please follow the steps below.
- Entry point: [My Account] -> [Settings] -> [OKTA]
- Fill in "Metadata URL" and switch ON. ("Metadata URL" can be found in your firm's OKTA > SAML 2.0 area)
- "Single-sign on URL" and "SP Entity ID" are automatically generated by GTR system. You will copy and share them with your OKTA GTR App admin.
Once your OKTA admin has created the GTR App, there are still several things that need to be set up. In your firm's OKTA > GTR App > SAML Setting:
- Single sign-on URL: refer to the GTR-prepared "Single-sign on URL" on [My Account] -> [Settings] -> [OKTA]
- Audience URI (SP Entity ID): refer to the GTR-prepared "SP Entity ID" on [My Account] -> [Settings] -> [OKTA]
- Name ID Format: please select "Email Address"
- Application username: please select "Email"
Sync your firm's OKTA identities into GTR
OKTA SCIM, or System for Cross-domain Identity Management, is an open standard that GTR uses to synchronize your firm's OKTA user identities with GTR. To enable OKTA SCIM:
- First, please enable this feature on the GTR website.
- Entry point: [My Account] -> [Settings] -> [OKTA]
- Fill in "SCIM Sync Token" and switch ON. Save this "SCIM Sync Token" somewhere else; you will need it later.
- "SCIM Sync URL" is automatically generated by the GTR system.
Once completed, your OKTA GTR App admin needs to complete a few more setup steps in your firm's OKTA GTR App:
- SCIM connector base URL: refer to the GTR-prepared "SCIM Sync URL" on [My Account] -> [Settings] -> [OKTA]
- Unique identifier field for users: please use "email"
- Authentication Mode: please select HTTP Header
- HTTP Header: refer to "SCIM Sync Token" on GTR website [My Account] -> [Settings] -> [OKTA]
Inviting more members to access GTR
Once the GTR App in your firm's OKTA is properly configured, you may wish to allow more members to navigate to the GTR website from your OKTA. To achieve this, take 2 simple actions:
- Invite them as an Operator Account, and they're required to complete activation. Please refer to Add Operator Account for more detail.
- Your OKTA GTR App admin grants OKTA GTR App access to new members.