If you are using Okta as your authentication server, follow the procedure in this subsection to register OnSite with Okta.
For details on how to administer Okta authorization service, please refer to your Okta product documentation.
-
Select the Applications tab, and click Add Application.
-
In the Create New Application screen, select Native App and click Next.
-
In the APPLICATION section, in addition to any other requirements you may need to meet for your implementation, ensure the following settings are as follows:
-
Enter a Name such as ‘OnSite Client’.
-
For the Allowed Grant Types, select Authorization Code and Refresh Token.
-
For the login redirect URIs, enter: intergraph.smartconstruction.onsite:/oauthCallback
-
For Client Authentication, select Use PKCE.
-
-
Note the Client ID that is assigned by Okta. You will need it for the next step.
-
Make a copy of the onsite-settings.json.template file (located by default in the root folder of your site, for example, \SmartPlant Foundation Server Files\Web_Sites\[SiteName]) and name the copy onsite-settings.json.
-
Edit onsite-settings.json and add the Client ID from the previous step as Client ID in this file.
-
Edit the SmartPlant Foundation web.config file and change the OAuth security key shown below using the fully qualified URL of the Okta instance, as in this example:
<security>
<oauth issuer="https://youroktaserver.yourdomain.com/admin/oauth2/as/ausbxmpvuyCKJNolq0x6" requiredScopes="ingr.api" />
...
</security>
-
Ensure your group and user assignment will provide access to this application for all necessary users.
ClientID is the only mandatory field.
ClientID and ClientSecret are simple string values.
AuthorizationRequestSettings, AccessTokenSettings, and RefreshTokenSettings are arrays of KeyValuePair objects.