Authorization in Xsolla Publisher Account via Okta

How it works

Users who have an Okta account can login into Xsolla Publisher Account.

The interaction flow during the first authorization:

  1. The user authorizes the Okta account.
  2. The user selects the Xsolla Publisher Account application on the main page.
  3. The user redirects to an email address input page.
  4. The user enters the email address that is linked to the Okta account.
  5. The Xsolla Login server sends an account confirmation email to the user.
  6. The user follows the link from the confirmation email and is redirected to the Xsolla Publisher Account.

For subsequent authorizations, account confirmation is not needed.

Note:
Before setting up authorization via Okta, make sure that the user has access to Xsolla Publisher Account. If they don’t have access:
  1. Go to Company settings > Users section and click Invite new user.
  2. Enter the user’s email address and select a role for them.
  3. Click Send invite.

Who can use it

Partners who have an Okta account.

How to get it

  1. Log in to your Okta account. You must be a user with administrator rights.
  2. Go to the Applications tab.
  3. On the updated page, click Add Application.
  4. On the updated page, click Create New App.
  5. In the opened window, select platform Web and authorization type OpenID Connect, then click Create.

  1. On the updated page:
    1. Specify an application name. For example: Xsolla Publisher Account.
    2. Upload an application logo (optional). Use the direct link.
    3. In the Login redirect URIs field, specify https://login.xsolla.com/api/social/oauth2/callback.
    4. Click Save.

  1. Switch to edit mode in the General > General Settings section:
    1. In the Application > Allowed grant types block, select the following checkboxes:
      • Authorization Code
      • Implicit (Hybrid) > Allow ID Token with implicit grant type

    1. In the Login block:
      • For Login initiated by, select Either Okta or App field.
      • For Application visibility select Display application icon to users checkbox (optional).
      • For Login flow, select Redirect to app to initiate login (OIDC Compliant).
      • In the Initiate login URI field, specify https://login.xsolla.com/api/social/okta/login_redirect?projectId=40db2ea4-5d42-11e6-a3ff-005056a0e04a&login_url=https://api.xsolla.com/merchant/xsolla_login/session&fields=email.
    2. Click Save.

  1. Go to the Assignments tab. To the created application, add users or user groups who will receive authorization permission.

  1. Send Client ID and Client secret of the created application and also your Okta domain to your Account Manager.
  2. Wait for the response from the Account Manager about completing the setup.