...
First register your Grand Avenue instance in your external identity provider and authorize it for the operations it needs for SSO.
Log into Okta admin console
Select APPLICATIONS
Create a new App Integration with the following selections:
Complete the fields to register Grand Avenue.
Set the App integration name to your preferred name.
The sign-in redirect URI can be found in Grand Avenue from Configure Authentication Management → Configure Single Sign On
You should register the Redirect URIs for all Grand Avenue instances with users that will need to authenticate against your SSO provider. For hosted Grand Avenue customers, this will include each of your sites:Production - https://<customername>/GrandAvenue/Authentication/authorization-code/callback
Training - https://<customername>/Training/Authentication/authorization-code/callback
Upgrade - https://<customername>/Upgrade/Authentication/authorization-code/callback
Evaluation - https://eval.grandavenue.com/<customername>/Authentication/authorization-code/callback
Configure the necessary settings for the Grand Avenue registration in Okta
Under General ensure “Client authentication” is set to “Public key / Private key” and “Proof Key for Code Exchange (PKCE)” is set to “Require PKCE as additional verification”.
Select Save for “Existing client secrets will no longer be used”
Add a public key
Add information to Grand Avenue. Navigate to the “Configure Single Sign On” via Configure Authentication Management → Configure Single Sign On
Change the Single Sign On Enabled? dropdown to “Yes”
Complete the required fields and click Save.
The Provider Name entered here will be displayed to users on the Sign In page as "Sign in with <provider name>" (e.g., "Sign in with Okta")
The other fields must be populated with information from the Grand Avenue registration you created above.
