
OKTA Integration

OKTA is an OAuth2 authentication service that lets different organizations act as the authentication source for Zus services.

To integrate OKTA with Zus, an organization must follow a structured onboarding process that involves coordination with Zus management and proper configuration of authentication and user management settings.

Below are the steps and required details for setting up an OKTA organization in Zus.

1. Prerequisites

Before integrating OKTA with Zus, organizations must coordinate with Zus management to facilitate the onboarding process. This includes:

  • Setting up an OKTA organization.

  • Creating an Admin User who will have full access to all user wallets, including those of deleted users.

2. Required Organization Details

The organization must provide the following details to Zus management to enable integration:

Basic Information

These details will be displayed on Zus services and are essential for the organization’s identity:

  • Name – The organization's name as it should appear on Zus services.

  • URL – The official website link of the organization.

  • Description – A short description of the organization's operations and purpose.

OKTA Application Credentials

These credentials must be retrieved from the OKTA Application Settings page in the OKTA dashboard:

  • Domain – The organization's domain from OKTA.

  • Client ID – Unique identifier for the OKTA application.

  • Client Secret – Secret key associated with the OKTA application for secure authentication.

  • Admin Client ID – The Admin User's Client ID, specifically created to manage user wallets, even if users are deleted.

Where to Find These Credentials?

  1. Navigate to Okta OAuth2 Manage Dashboard > Applications > Applications > (Selected Application) > Settings

  2. Copy Domain, Client ID, and Client Secret.

  3. Create an Admin User and retrieve its Client ID.

3. Configuring Application URIs and Web Origins

To ensure proper redirection after successful authentication, the following settings must be configured in the OKTA application:

Allowed Callback URLs

After the user authenticates, OKTA will redirect the user to one of these URLs.

Example:

https://blimp.software/authentication

Multiple valid URLs can be specified, separated by commas. Ensure that the URLs start with https:// as callbacks will fail otherwise.

Allowed Web Origins

This setting ensures that Zus services can properly interact with OKTA authentication.

Example:

https://blimp.software

Wildcards can be used at the subdomain level, but query strings and hash information are ignored.

These settings must be configured by the organization owner to allow proper redirection to Zus services after user authentication.
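A pre-submission check for the two settings above, as an added example (not Zus or OKTA code). The function names are hypothetical, and the rule that a wildcard must be the entire leftmost label with at least two fixed labels after it is an assumed reading of "subdomain level".

```python
from urllib.parse import urlsplit

# Constructed sample value for the Allowed Callback URLs field (comma-separated).
SAMPLE_CALLBACKS = ("https://blimp.software/authentication, "
                    "http://blimp.software/authentication, "
                    "https://blimp.software/authentication#done")

def check_callback_urls(setting):
    """Split a comma-separated Allowed Callback URLs value; map each URL to its problems."""
    report = {}
    for url in (u.strip() for u in setting.split(",")):
        if not url:
            continue
        parts = urlsplit(url)
        problems = []
        if parts.scheme != "https":
            problems.append("does not start with https://")
        if not parts.hostname:
            problems.append("no host")
        if parts.fragment:
            problems.append("has a #fragment (not allowed in OAuth2 redirect URIs)")
        report[url] = problems
    return report

def normalize_web_origin(value):
    """Return (origin, problems); path, query string and hash are dropped."""
    parts = urlsplit(value.strip())
    host = parts.hostname or ""
    labels = host.split(".")
    problems = []
    if parts.scheme != "https":
        problems.append("does not start with https://")
    if not host:
        problems.append("no host")
    if "*" in host:
        # Assumption: '*' must be the whole leftmost label, followed by at
        # least two fixed labels (e.g. *.blimp.software, never *.software).
        if labels[0] != "*" or "*" in ".".join(labels[1:]) or len(labels) < 3:
            problems.append("wildcard is not a single leftmost subdomain label")
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{host}{port}", problems

if __name__ == "__main__":
    for url, problems in check_callback_urls(SAMPLE_CALLBACKS).items():
        print(url, "->", problems or "ok")
    print(normalize_web_origin("https://*.blimp.software/path?x=1#top"))
```

Any entry with a non-empty problem list should be corrected before the values are entered in the OKTA application settings.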

4. Setting Up User Removal Webhook

To ensure account deletions are properly managed, the organization needs to configure a User Removal Webhook in OKTA.

Steps to configure the Back-Channel Logout webhook:

  1. Navigate to Okta OAuth2 Manage Dashboard → Applications → Applications → (Selected Application) → Settings → OpenID Connect Back-Channel Logout.

  2. Locate the "Back-Channel Logout" section and enter the Webhook URL, using the Zus-provided webhook endpoint:

https://0box.mainnet.zus.network/v2/okta/webhook?name={organization_name}

  3. Select "Selected Initiators Only" in Back-Channel Logout Initiators.

  4. Enable Specific Logout Conditions: Ensure that the following options are selected:

    1. Account Deleted

    2. Account Deactivated

If the organization intends to rotate secrets, please contact Zus management and we will enable removal_protection mode, so that the organization is not removed because its secrets are no longer current.

By following these steps, organizations can seamlessly integrate OKTA with Zus, ensuring secure, automated user management.


Last updated 1 month ago

Fig1: Application Settings
Fig3: Allowed Callback URLs
Fig4: Allowed Web Origins
Fig5: OKTA Configuration