Thank you for choosing Hive! This is a guide to setting up an OpenID Connect (OIDC) application on Okta to provide your employees with Single Sign-On (SSO) capabilities for Hive. This is intended for employees with admin-level permissions on your company's Okta organization tasked with managing employees' access to Hive.

Creating the Okta Application

To get started setting up an OIDC integration on Okta with Hive:

1. Login to your company's Okta Admin Console.

2. Navigate to the Applications tab on the left sidebar.

   
   

3. Click on Create App Integration.

4. A pop-up window should appear.

   1. For Sign-in method, select OIDC - OpenID Connect

   2. The window should then expand and allow you to select an Application type. Select Web Application.

      
      

5. A new screen should load, allowing you to configure multiple attributes of the new application. Feel free to configure and change settings according to your needs. All default values should work except for a few required attribute changes listed here:

   1. Sign-in redirect URIs
      Please input https://portal-customer-api.thehive.ai/sso/oidc/code.

   2. Grant type: Core grants
      Please make sure Authorization Code is checked (this should already be done by default).

      

   3. Note: You will have to select an option for Controlled access in the Assignments section at the bottom of the page before Okta allows you to create the application. Whatever option required for your use case should also work for SSO integration with Hive.

6. Click Save. The application should now be created.

7. After the application is created, Okta should automatically direct you to the application's settings page. If you are not redirected, navigate to this page by clicking the Applications tab on the left sidebar (same as step 2) and then clicking on your newly-created application.

8. Under the application's settings page's General tab, navigate to General Settings.

   
   

9. Within General Settings, navigate to the LOGIN section. Adjust these values:

   1. Login initiated by
      Switch the dropdown selection from App Only to Either Okta or App.

   2. Login flow
      Make sure the radio button Redirect app to initiate login (OIDC Compliant) is selected (this should already be done by default).

   3. Application visibility
      Make sure the checkbox Display application icon to users is checked. This allows your employees to view your newly created application.

   4. Initiate login URI
      Please input https://portal-customer-api.thehive.ai/sso/oidc/initiate.

      
      

10. Click Save.

11. Click the application's settings page's Sign On tab.

    

12. Navigate to the OpenID Connect ID Token section and click the Edit button. Change the Issuer value to Okta URL and click Save

    
    

This completes the setup needed on Okta for integration with Hive. However, Hive requires some additional information before SSO is fully configured.

Completing Integration with Hive

The following two pieces of information are needed by Hive to complete SSO integration. They can be found under the General tab of your newly-created Okta application.

• Client ID
  Under the Client Credentials section, the Client ID should be displayed. Use the adjacent button to copy the Client ID to your clipboard.

• Client Secret
  Under the CLIENT SECRETS section, a single secret value should be present. Once again, you can use the adjacent button to copy the secret value to your clipboard.

  
  

The last piece of information required by Hive is your Okta Organization Domain. This can be found by clicking on your profile name at the top right of the screen. The Okta Organization Domain is the value under your email. When you hover over the value, a button allowing you to copy the value to your clipboard should appear.

Send the Client ID, Client Secret and Okta Organization Domain to your Hive representative. Shortly afterward, SSO with Hive will be fully set up.