Skip to main content

Okta Auto check-in for Workplace [Beta]

Automatically check in employees by detecting authentications completed on your workplace network.

Updated today

Interested in using Okta auto check-in? Contact your customer success manager or email our support team at [email protected].

Overview

The Okta platform secures your employees, contractors, and partners — wherever they are. It covers every part of the Identity lifecycle, from governance to access to privileged controls.

How does this integration work?

The Envoy + Okta integration allows employees to check into the workplace automatically. Envoy leverages identity-based access control and maps the IP of your office to identify the physical location of the employee logging into Okta. If the employee uses Okta in your workplace, they are automatically checked in for that day!

Prerequisites

  1. You must be an administrator for your Okta instance to complete this installation. Either become an administrator or ask your admin for help before completing these steps.

  2. For use with a VPN, please ensure that the VPN is detected by Okta, or the exit node of the VPN is unique and can be distinguished from your workplace network IPs.

Enabling the Envoy + Okta integration

Step 1: Okta app creation

  1. After logging in to your Okta Admin account, go to Applications -> Create app integration.

  2. Under OIDC, select Open ID Connect. For Application type, select Web Application.

  3. Name your web app integration “Envoy - Auto Check-in” and select Core Grants -> Authorization Code and refresh token.

  4. For the sign-in redirect URIs, add "https://workflows.envoy.com/redirect” and delete any Sign-out redirect URIs, if applicable.

  5. Click Save to complete the creation of the app.

Step 2: Okta App configuration

  1. Navigate to the Assignments tab on the Applications page. Assign the admin account using the Assign dropdown.

  2. Navigate to the Okta API scopes tab. Locate "okta.eventHooks.manage” and "okta.eventHooks.read” and select Grant.

  3. Navigate back to the General tab. Here, Okta will give you a clientId and clientSecret. We will use these in the configuration within Envoy.

Step 3: Installing the App within Envoy

  1. Search for “Okta Auto Sign-in” and click install.

  2. API access: This step allows Envoy to set up the user’s Okta Webhook for logins, notifying Envoy about login events.

    1. Click Connect Account.

    2. Enter your Okta organization and click Save.

  3. You’ll be prompted to sign in to your Okta Account using the Client ID and Client Secret, shown in step 2.3.

Workplace configuration

This step defines the CIDR block that Envoy uses to recognize employees as "onsite." You can add multiple CIDR blocks per location, and edit existing CIDR blocks if needed.

  1. Use the Envoy Location dropdown to select the Envoy location you want to enable.

  2. Under the cidrList column, add the corresponding CIDR block. It must be in a valid format.

  3. Click Complete Setup to save the configuration.

    1. The "complete setup" button will be greyed out if the formatting is not valid.

  4. Once the setup is saved, your integration will be live in all mapped Envoy locations.

Viewing auto check-in results

Once your integration installation is complete, navigate to Workplace > Access log. For any check-ins completed by this integration, "Okta" will be listed in the Integration name column.

Note: The Entrance name column will be blank, since this access event is not dependent on a physical entrance.

Did this answer your question?