
Okta Overview

MilMove has two domains set up with Okta - one that serves the testing applications and one that serves the production application.

Okta Testing Domain

https://test-milmove.okta.mil which serves the dev, exp, loadtest, demo, and stg environments.

Okta Production Domain

https://milmove.okta.mil which ONLY serves the prd environment.

To log into MilMove, a customer, office, or admin user MUST have an Okta account. Without one, they are denied access to the MilMove application and returned to the /sign-in page.

Getting an Okta account

Customers and Office/Admin users get Okta accounts in different ways. See below:

MilMove Customers can self-register. If they do not have an Okta account when creating a move, they can sign up when MilMove sends them to Okta for authentication.

Authenticating with Okta

Customers and Office/Admin users have different authentication methods, meaning they can sign into Okta differently. See below:

MilMove Customers sign in with two factors. Okta allows email, password, Okta Verify (OTP or Push Notification), and Google Authenticator. Customers can also sign in with their CAC, but only if their profile contains their DoDID/EDIPI number.

Okta Groups

When a user authenticates with Okta, an additional check decides whether they may access an application: the user must be a member of that application's group in Okta. If the user is not in that group, they are denied access. Customers are automatically assigned to the respective Customer group when they self-register, while Office & Admin users are assigned to their group during the CSV import. See the following groups in Okta and which applications they grant access to:

Okta groups matter

A user will not be allowed to access any Customer MilMove application if they are assigned to an Admin or Office group in Okta. In the rare case that an office user needs to register as a customer, they will need to use a different email address and create a separate Okta account to access the Customer MilMove application.

https://test-milmove.okta.mil
'Dev - Customer' -> http://milmovelocal:3000
'Dev - Office' -> http://officelocal:3000
'Dev - Admin' -> http://adminlocal:3000
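
The group rules above can be modelled as a small access check plus an audit for accounts holding conflicting groups. This is an added example, not MilMove or Okta code: the group names and URLs are the Dev entries listed above, while the `<env> - <role>` name parsing, the function names, and the sample users are assumptions.

```python
# Added example: models the two group rules described on this page.
# APP_GROUPS uses the Dev entries listed above. The "<env> - <role>" parsing
# and the sample users are assumptions made for illustration.
APP_GROUPS = {
    "http://milmovelocal:3000": "Dev - Customer",
    "http://officelocal:3000": "Dev - Office",
    "http://adminlocal:3000": "Dev - Admin",
}

def role_of(group):
    """Return the role part of an '<env> - <role>' group name (assumed format)."""
    return group.rpartition(" - ")[2]

def access_decision(app_url, user_groups):
    """Return (allowed, reason) for a user arriving from app_url."""
    required = APP_GROUPS.get(app_url)
    if required is None:
        return False, "unknown application"
    if required not in user_groups:
        return False, f"not a member of '{required}'"
    if role_of(required) == "Customer":
        # Any Office or Admin group blocks access to a Customer application.
        blocking = sorted(g for g in user_groups if role_of(g) in ("Office", "Admin"))
        if blocking:
            return False, f"customer access blocked by '{blocking[0]}'"
    return True, f"member of '{required}'"

def find_conflicts(memberships):
    """List users holding a Customer group together with an Office/Admin group."""
    conflicts = {}
    for user, groups in memberships.items():
        roles = {role_of(g) for g in groups}
        if "Customer" in roles and roles & {"Office", "Admin"}:
            conflicts[user] = sorted(groups)
    return conflicts

# Constructed sample data, not real accounts.
SAMPLE = {
    "customer@example.com": {"Dev - Customer"},
    "office@example.com": {"Dev - Office"},
    "both@example.com": {"Dev - Customer", "Dev - Office"},
}

if __name__ == "__main__":
    for user, groups in SAMPLE.items():
        print(user, access_decision("http://milmovelocal:3000", groups))
    print("conflicting assignments:", find_conflicts(SAMPLE))
```

Running `find_conflicts` over a group membership export surfaces accounts that would be denied at the Customer application before the user reports a failed login.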

Successful Flow with Okta

A successful authentication with Okta for any user will look like this:

  1. User goes to the MilMove application
  2. User clicks the Accept Terms button and is directed to Okta to log in/register
  3. If a customer, they sign in with their username in an email format and their two authenticating factors
    If an office/admin, they will click the Sign in with CAC/PIV box, select their certificate, and enter their PIN.
  4. Okta will find the user based on their entered credentials
  5. Okta will make sure that they are assigned to the group that allows access to the application they were directed from
  6. If they are, Okta sends them back to MilMove, where they can access the MilMove application

If there are any issues during these steps, you can find some troubleshooting help HERE