This article applies as of PRTG MultiBoard 25.5.0


Important Notice: The following article only applies to PRTG MultiBoard. This feature is not available for PRTG app for desktop.

How to enable SSO with PRTG MultiBoard

As of PRTG Multiboard 25.5.0, you can use Microsoft Entra ID and Okta as a single sign-on (SSO) provider in PRTG MultiBoard.

This article covers how to set up SSO with Okta. For information on how to use Microsoft Entra ID as an SSO provider, see the Knowledge Base: How can I use Microsoft Entra ID to set up SSO with PRTG MultiBoard?.

Requirements

  • Requires as of PRTG MultiBoard 25.5.0
  • Requires administrative rights for Okta and PRTG MultiBoard

Configure Okta

Follow these steps to configure Okta to work as SSO provider for PRTG MultiBoard.


Step 1: Add an authorization server configuration

  1. Log in to the Okta administrator console under https://${yourOktadomain}/admin/dashboard.
  2. Go to Security | API and click Add Authorization Server.
  3. Enter a Name, for example PRTG MultiBoard, and an Audience, for example, api://mulitboard.
  4. Click Save.


You can now find your new server in Okta.

You need the authorization endpoint and token endpoint for PRTG MultiBoard. You can find these under Security | API | Your new authorization server.


In the main settings, click on the link found in Metadata URI. You can find the necessary endpoint URLs here.

Step 2: Define an access policy rule

Next, define an access policy rule that defines the scope of your refresh token.

  1. In Security | API, click on your authorization server.
  2. Click the Access Policies tab.
  3. Click Add New Access Policy and enter a name and description for the new access policy.
  4. Click Create Policy.
  5. In the new access policy, click Add rule.
  6. Configure the policy rule. You must add the following scopes:
    • openid
    • profile
    • offline_access

      You can leave the other settings with their default values.

      Note: We recommend that you set the access token lifetime to a shorter interval than the default.
  7. Click Create rule to save your changes.

Step 3: Create an app integration

In this step, you configure Okta to connect with PRTG MultiBoard.

  1. From the admin home page, go to Applications | Applications and click Create App Integration.
  2. Select the following settings in the window that opens:
    • Sign-in method: OIDC – OpenID Connect
    • Application type: Native Application
  3. Click Next.
  4. On the New Native App Integrationwindow, enter the following:
    • Enter an App integration name, for example Paessler PRTG MultiBoard.
    • For Grant type, select Authorization Code and Refresh Token.
    • For Sign-in redirect URIs, enter the IP address, port, and callback URL that Okta uses to connect with PRTG MultiBoard. For example, https://127.0.0.1:43567/cb.
  5. If you want to configure access, select the appropriate option under Assignments | Controlled access. You can change this setting later.

    Note: If you select Limit access to selected groups, enter the name of the group(s) that you want to grant access.
  6. Click Save.

Step 4: Configure your client credentials

Single sign-on with PRTG MultiBoard does not require client authentication, aka a client secret or key.

  1. If you are not in your application, go to Applications | Applications and select your application.
  2. In the General tab, configure the following:
    • Client authentication - None
    • Proof Key for Code Exchange (PKCE) - Enabled
  3. Save your changes.

Step 5: Assign users

 

The last step of setting up your PRTG MultiBoard in Okta is to assign users to the application.

  1. If you are not in your application, go to Applications | Applications and select your PRTG MultiBoard application.
  2. In the Assignments tab, click Assign and select Assign to People or Assign to Groups.
  3. Search for the people or groups you want to assign to the application and click Assign next to their profile name.
  4. Click Done.

Additional notes:

  • People and groups must already exist in your Okta domain if you want to add them to individual applications.
  • You can unassign a user from the application assignment lists to revoke their access to PRTG MultiBoard.

Configure SSO in PRTG MultiBoard

Now that you have configured Okta, you need to configure the SSO settings in PRTG MultiBoard accordingly. You need the following:

Setting

Description

Client ID

The client ID of your application. You can find the client ID in Okta under the General tab of your application settings.

Authorization Endpoint

The authorization endpoint of your application. You can find this in you authorization server settings under Metadata URI.

Token Endpoint

The token endpoint of your application. You can find this in you authorization server settings under Metadata URI.

Port

The port you entered in the callback URL and redirect URI when you configured Okta.

Callback URL

The callback path you entered in the callback URL when you configured Okta.

  1. In PRTG MultiBoard, navigate to File | Settings | SSO.
  2. Enter your credentials.
    Configure PRTG MultiBoard
  3. Enable the check box that states Trust this device if you want PRTG MultiBoard to trust the refresh token from Okta. This means that you do not need to sign in every time you open PRTG MultiBoard.
  4. Enable the check box that states that you understand that you cannot undo SSO on PRTG MultiBoard once you configure it.
  5. If you want, use the Test SSO Endpoint to test the connection and credentials.
  6. Click Save to save your changes.
  7. Restart PRTG MultiBoard to activate the changes.
    SSO configuration successful!


You have now configured SSO in PRTG MultiBoard.