When a user tries to click the LimbleCMMS application icon from their Okta dashboard, an error message is displayed:
403 Access Forbidden - You don't have permission to access this page
In the System Log, a specific error is visible:
User performed OIDC single sign-on to app - failure: missing_initiate_login_uri
- LimbleCMMS
- Identity Provider (IdP)
- Single Sign-On (SSO)
- IdP-initiated SSO
This is expected behavior. As per the Limble CMMS OIDC Okta Configuration Guide, IdP-initiated flow is not supported, and only Service Provider-initiated flow is supported.
As LimbleCMMS only supports Service Provider-initiated (SP-initiated) flow, users have to navigate to app.limblecmms.com to authenticate. An SP-initiated flow occurs when an end user attempts to sign in to an external application directly on that application's sign-in website. For example, http://app.limblecmms.com is the SSO sign-in location for the LimbleCMMS application.
To preserve the Okta user experience, use the Bookmark App integration to simulate an Identity Provider-initiated (IdP-initiated) flow. The integration can be customized to display the logo of the LimbleCMMS application.
Step 1 - Update the LimbleCMMS application integration
- The LimbleCMMS app from the Okta App catalog will serve as the back-end connection between Okta and the SP; however, this application icon will be hidden from the end user.
- To hide the application icon, go to the Admin Console and navigate to Applications > LimbleCMMS > General tab > click Edit in the App Settings pane > enable both options in the Application visibility section.
Step 2 - Configure the Bookmark App integration
Add an Okta Bookmark App integration to display the LimbleCMMS application to the end user.
- In the Admin Console, go to Applications > Applications.
- Click Browse App Catalog.
- In the Search... field, enter Bookmark App. Click the Bookmark App integration.
- Click Add to create a Bookmark App instance.
- In the General Settings for the Bookmark App, enter the name of the application and the URL of the external site. For example, https://app.limblecmms.com.
- This is the application icon that end-users see, so clear both Application Visibility checkboxes.
- Click Done to create the Bookmark App.
- Assign the app integration to the necessary users.
Step 3 - Change the bookmark application icon appearance
Add a custom logo to use as the application icon for the bookmark app integration created in Step 2.
A custom logo must meet the following requirements:
- Image type must be PNG, JPG, or GIF (PNG is best)
- Image dimensions should be at least 420 pixels by 120 pixels to prevent visual scaling issues
- Image size must be less than 1 MB
- Click the menu icon on the logo tile, and then select Upload Custom logo.
- In the Upload Custom Logo dialog, click Browse files... Locate and select the image to use as the application icon and click Open.
- Click Update Logo to set the application icon.
The end users now have the LimbleCMMS application icon on their desktops, which simulates the Okta IdP-initiated flow into the LimbleCMMS application.
There will be two different LimbleCMMS applications in Okta:
| Application | Purpose | Icon visibility |
|---|---|---|
| LimbleCMMS app from the Okta App catalog | This app integration serves as the back-end connection between Okta and the Service Provider LimbleCMMS. However, this application icon must be hidden from the end user. Use this app only for provisioning. | The application icon is not visible on the User's Okta dashboard. |
| LimbleCMMS bookmark app with app URL https://app.limblecmms.com | This application will simulate the Okta IdP-initiated flow into the LimbleCMMS application. The application icon will be visible to the end user. This app does not support provisioning features. | The application icon is visible on the User's Okta dashboard. |
NOTE: The Bookmark App integration does not support provisioning features.
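
The following check is an added example, not part of the original article or Okta's own tooling. It audits the end state described above over app objects shaped like Okta Apps API responses. It assumes both apps carry the label "LimbleCMMS", and the sample data is constructed.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "app.limblecmms.com"  # SP sign-in host named in this article

# Constructed sample shaped like Okta Apps API app objects (not real tenant data).
SAMPLE_APPS = [
    {"label": "LimbleCMMS", "signOnMode": "OPENID_CONNECT",
     "visibility": {"hide": {"iOS": True, "web": True}}},
    {"label": "LimbleCMMS", "signOnMode": "BOOKMARK",
     "visibility": {"hide": {"iOS": False, "web": False}},
     "settings": {"app": {"url": "https://app.limblecmms.com"}}},
]

def audit_limble_apps(apps, label="LimbleCMMS"):
    """Return a list of findings; an empty list means the setup matches the article.

    The label match is an assumption: the bookmark app name is chosen by the admin.
    """
    findings = []
    matching = [a for a in apps if a.get("label") == label]
    oidc = [a for a in matching if a.get("signOnMode") == "OPENID_CONNECT"]
    bookmarks = [a for a in matching if a.get("signOnMode") == "BOOKMARK"]
    if len(oidc) != 1:
        findings.append(f"expected 1 OIDC app, found {len(oidc)}")
    if len(bookmarks) != 1:
        findings.append(f"expected 1 bookmark app, found {len(bookmarks)}")
    for app in oidc:
        hide = app.get("visibility", {}).get("hide", {})
        # Step 1: both visibility options enabled, otherwise clicking the icon
        # produces the missing_initiate_login_uri failure.
        if not (hide.get("web") and hide.get("iOS")):
            findings.append("OIDC app icon is still visible to end users")
    for app in bookmarks:
        hide = app.get("visibility", {}).get("hide", {})
        # Step 2: both visibility checkboxes cleared so users see this icon.
        if hide.get("web") or hide.get("iOS"):
            findings.append("bookmark app icon is hidden from end users")
        url = urlsplit(app.get("settings", {}).get("app", {}).get("url", ""))
        if url.scheme != "https":
            findings.append("bookmark URL does not use https")
        if url.hostname != EXPECTED_HOST:
            findings.append(f"bookmark URL host is {url.hostname!r}, not {EXPECTED_HOST}")
    return findings

if __name__ == "__main__":
    print(audit_limble_apps(SAMPLE_APPS) or "configuration matches the article")
```
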
