<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Configuring OpenID Connect SSO for Restaurant 365 in Okta

Okta Classic Engine
Okta Identity Engine
API Access Management

Overview

Restaurant 365 integrates with Okta as an OpenID Connect (OIDC) provider for Single Sign-On (SSO). The integration requires the API Access Management SKU to utilize the default custom authorization server, along with a custom OIDC web application configured with specific grant types and access policies. If the Okta organization lacks the default authorization server or contains an incorrect configuration, Restaurant 365 generates the following error:

 

 

 

SSO settings saved, but we could not connect. Please verify your credentials

 

Error

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Restaurant 365 (R365)
  • Custom OpenID Connect (OIDC) application
  • API Access Management

Cause

The Restaurant 365 OIDC integration uses the default authorization server. This requires the Okta organization to possess the API Access Management SKU. The application and default authorization server require specific configurations. If the Okta organization lacks the default authorization server or contains an incorrect configuration, the connection fails.

Solution

    How is OpenID Connect Single Sign-On configured for Restaurant 365?

     

    Configure the Single Sign-On connection in Restaurant 365, create the OpenID Connect web application in Okta, configure the default authorization server access policies, and test the connection.

     

     

    1. In Restaurant 365, begin creating a Single Sign-On connection for Okta.

    New web app integration

    1. Copy the Sign-in redirect URI for use in a later step. Do not select Connect.

    SSO

    1. In the Okta Admin Console, create an OIDC web application.
      • Ensure that the Authorization Code and Client Credentials grant types are both enabled.
      • Enter the Sign-in redirect URI copied from Restaurant 365 into the corresponding field.
    2. Navigate to Security > API > Authorization Servers.

    R365 Access Policy and Rule

    1. Create an Access Policy for the default authorization server and assign the OIDC application to it.
    2. Create an Access Rule for the default authorization server.
      • Select the Client Credentials and Authorization Code grant types.
      • Leave all other settings at their default values.
    3. Create a scope named okta.myAccount.appAuthenticator.maintenance.read on the default authorization server if it does not already exist.

    Add okta.myAccount.appAuthenticator.maintenance.read scope

    1. In Restaurant 365, enter the Client ID, Client Secret, and Authority using the values from the OIDC application created in Okta.
      • NOTE: The Authority requires the Okta default domain and must include https:// (for example, https://<example>.okta.com). Do not use a custom domain.
    2. Select Connect to test the connection.

     

     

    Related References

     

    Loading
    Okta Support - Configuring OpenID Connect SSO for Restaurant 365 in Okta