AWS Wickr and Wickr Enterprise can both be configured to authenticate through an SSO system. This adds a layer of security when paired with an appropriate MFA system. This FAQ shows how to add Okta SSO to both an AWS Wickr network and a Wickr Enterprise network.
Warning: Once SSO is enabled on a network, it will sign active users out of Wickr and force them to re-authenticate using the SSO provider.
The first step is to add an application for the Wickr service:
You will want to choose the "Native App" type:
The last step is to choose the settings for Wickr:
Shown above, the Redirect URI for AWS Wickr is:
The Redirect URI for Wickr Enterprise is:
https://<App Server IP/DNS>/deeplink/oidc.php
The following Grant Types are allowed:
- Authorization Code
- Refresh Token
- Implicit (Hybrid)
Okta will supply a Client ID to use. We'll add this value to the Wickr side!
Wickr doesn't use Client Secrets with Okta.
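To confirm that a saved Okta application matches the settings listed above, the following added example (not from Wickr or Okta documentation) audits an app definition for the Wickr Enterprise case. The JSON field names are assumed to follow Okta's Apps API, and the host name and both sample definitions are constructed.

```python
from urllib.parse import urlparse

# Settings this page lists for the Okta application (Wickr Enterprise case).
REQUIRED_GRANTS = {"authorization_code", "refresh_token", "implicit"}
REDIRECT_PATH = "/deeplink/oidc.php"
HOST = "wickr.example.internal"  # constructed App Server DNS name

def audit_okta_app(app, app_server_host):
    """Return findings; an empty list means the app matches the page's settings."""
    findings = []
    # Field names assumed to follow Okta's Apps API representation of an OIDC app.
    oauth = app.get("settings", {}).get("oauthClient", {})
    creds = app.get("credentials", {}).get("oauthClient", {})
    app_type = oauth.get("application_type")
    if app_type != "native":
        findings.append(f"application type is {app_type!r}, expected 'native'")
    grants = set(oauth.get("grant_types", []))
    findings += [f"grant type not allowed: {g}" for g in sorted(REQUIRED_GRANTS - grants)]
    findings += [f"unexpected grant type: {g}" for g in sorted(grants - REQUIRED_GRANTS)]
    expected = f"https://{app_server_host}{REDIRECT_PATH}"
    uris = oauth.get("redirect_uris", [])
    if expected not in uris:
        findings.append(f"redirect URI missing: {expected}")
    for uri in uris:
        p = urlparse(uri)
        # Compare parsed parts so a look-alike host or plain http is reported.
        if (p.scheme, p.netloc, p.path) != ("https", app_server_host, REDIRECT_PATH):
            findings.append(f"unexpected redirect URI: {uri}")
    # The page states no client secret is used; 'none' is the assumed API value.
    auth = creds.get("token_endpoint_auth_method")
    if auth != "none":
        findings.append(f"client authentication is {auth!r}, expected 'none'")
    return findings

# Constructed sample definitions: one matching the page, one that has drifted.
GOOD_APP = {
    "settings": {"oauthClient": {"application_type": "native",
        "grant_types": ["authorization_code", "refresh_token", "implicit"],
        "redirect_uris": [f"https://{HOST}{REDIRECT_PATH}"]}},
    "credentials": {"oauthClient": {"token_endpoint_auth_method": "none"}}}
DRIFTED_APP = {
    "settings": {"oauthClient": {"application_type": "web",
        "grant_types": ["authorization_code", "implicit", "client_credentials"],
        "redirect_uris": [f"http://{HOST}{REDIRECT_PATH}"]}},
    "credentials": {"oauthClient": {"token_endpoint_auth_method": "client_secret_basic"}}}

if __name__ == "__main__":
    for name, app in (("good", GOOD_APP), ("drifted", DRIFTED_APP)):
        print(name, audit_okta_app(app, HOST))
```

The AWS Wickr Redirect URI is not covered by this check; pass your own App Server IP or DNS name as the second argument.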
Wickr SSO Setup:
The images shown below are from the V2 admin panel, which isn't the default for Enterprise. However, the necessary entries are the same in both V1 and V2; the only difference is how they are presented.
The first step is to navigate to the SSO Configuration page in Network Settings:
The following is needed to add SSO with Okta:
- SSO Issuer - This is the URL of your Okta instance.
- SSO Client ID - This is provided when saving the Okta application.
- Company ID - This can be any text value and must be unique. This phrase is what your users will enter when registering on new devices.
All that's left is to Test Connection, and then Save Connection.