Okta - SSO feature to access RCP

Okta is a customizable, secure drop-in solution to add authentication and authorization services to your applications. The automatic solution has both identity and access management capabilities and is template-based, which makes it simple to use once configured.

Customer on-boarding

Currently, only one reseller (Shopify) is utilizing Okta SSO, and we’re not actively onboarding new resellers. However, if a large reseller requests SSO or Okta, if warranted, PDM can be engaged by referencing the ticket number, reseller name, and the total number of users/domains to review eligibility. 

User provisioning

New users accessing the RCP using Okta SSO for the first time will automatically have a new user account provisioned in the RSP's user list with a default permission profile. New users may need to manually request an admin user modify their permission profile via the RCP.

Back to top

Triaging questions

If a customer contacts support encountering errors accessing the RCP via Okta SSO, please ask the following questions to escalate to T2 support:

  • Is this for a specific user only, or are all users signing in with Okta? What is the username(s) affected?
  • Does signing in directly from manage.opensrs.com work?
  • What kind of error message are they receiving?

Typically the workaround, while we investigate, is to sign in directly to the RCP with their credentials from manage.opensrs.com - if it works.

Potential login issues

Okta is provided with web pages where our customers might land in case the single-sign-on (SSO) flow fails. The flow involves many components and steps transparent to customers; however, all of these must be fulfilled to ensure a successful outcome. The reason for the potential failures ranges from (IT) customer-side misconfigurations and misuses up to Tucows internal services malfunctions. The following are error web page screenshots and a description under what conditions they might appear.

Not found

Not found page might appear if:

  1. The customer misconfigured the URL in their Okta provider account (OKTA).

  2. This misconfiguration results in the URL service id not being recognized (https://sso.tucows.com/sso/pub/login/XxXXxxxXXxXx).



Unexpected error

The page might appear due to a failure within our auth service. The customer is expected to provide "reqID," which will help developers to identify the issue.



Too many requests

The customer might be rate limited if the threshold for the allowed number of requests per source IP is exceeded. This should never happen, as customers have no reason to use SSO that frequently. However, the protection is implemented to avoid internal service impact in case the public endpoint is abused (DDoS). 


Back to top

Was this article helpful? If not please submit a request here

How helpful was this article?