
Configure Okta as SSO

Okta Configuration

On the Okta side, create a new application:

  • Step 1: Create an OpenID Connect web application
Okta create app
  • Step 2: Configure the callback URI

The redirect URI has the form: http(s)://<Console host>(:<Console port>)/oauth/callback/<OAuth2 config name>.

For example, if you deployed Console locally using the name okta in your configuration file, you can use http://localhost:8080/oauth/callback/okta, like in the screenshot below.

For more details on Console redirect URI for OAuth2, you can check the documentation.

Okta callback URI
  • Step 3: Configure app assignments, and save changes
Okta assignments
  • Step 4: Get the client ID and client secret, which you'll use in the Console configuration file
Okta client ID secret
  • Step 5: Find the issuer URL in the Sign On tab of your application. It has the form https://<domain>.okta.com
Okta issuer
Tip: You can find the .well-known at: https://<domain>.okta.com/.well-known/openid-configuration.

Console Configuration

On the Console side, add the snippet below to your configuration file. Replace the client ID, client secret, and domain with the values you got during steps 4 and 5.

platform-config.yaml

    sso:
      oauth2:
        - name: "okta"
          client-id: "<client ID>"
          client-secret: "<client secret>"
          openid:
            issuer: "https://<domain>.okta.com"

Note: If you are using a custom auth server in Okta, the OPENID_ISSUER should be in the form https://<yourOktaDomain>/oauth2/<authorizationServerId>/ rather than https://<domain>.okta.com. You can find documentation on this here.
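
A pre-flight check for the values above, as an added example that is not part of the Console or Okta documentation: it builds the callback and .well-known URLs from the issuer and config name, then checks a discovery document against the configured issuer. The function names, the example.okta.com domain, the sample document, and the two checks marked "added policy" are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

def redirect_uri(console_base: str, config_name: str) -> str:
    """<Console base URL>/oauth/callback/<OAuth2 config name>, as in step 2."""
    return f"{console_base.rstrip('/')}/oauth/callback/{config_name}"

def discovery_url(issuer: str) -> str:
    """Discovery document location for an org or custom-auth-server issuer."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_sso(issuer: str, console_base: str, config_name: str, doc: dict) -> list:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    iss = urlsplit(issuer)
    if iss.scheme != "https":
        problems.append("issuer is not https")
    # Org issuer has no path; custom auth server issuer is /oauth2/<authorizationServerId>/.
    parts = [p for p in iss.path.split("/") if p]
    if parts and not (len(parts) == 2 and parts[0] == "oauth2"):
        problems.append("issuer path is not /oauth2/<authorizationServerId>")
    # The document must name the issuer we configured (trailing slash ignored here).
    if doc.get("issuer", "").rstrip("/") != issuer.rstrip("/"):
        problems.append("discovery issuer does not match configured issuer")
    # Added policy (assumption): endpoints must be https and on the issuer's host.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        ep = urlsplit(doc.get(key, ""))
        if ep.scheme != "https" or ep.hostname != iss.hostname:
            problems.append(f"{key} missing, not https, or off the issuer host")
    # Added policy (assumption): plain http callbacks only for a local Console.
    cb = urlsplit(redirect_uri(console_base, config_name))
    if cb.scheme != "https" and cb.hostname not in ("localhost", "127.0.0.1"):
        problems.append("callback uses plain http on a non-local host")
    return problems

# Constructed sample: discovery document for a custom auth server on a made-up domain.
ISSUER = "https://example.okta.com/oauth2/default/"
SAMPLE_DOC = {
    "issuer": "https://example.okta.com/oauth2/default",
    "authorization_endpoint": "https://example.okta.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/default/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/default/v1/keys",
}

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(check_sso(ISSUER, "http://localhost:8080", "okta", SAMPLE_DOC) or "OK")
    # Org issuer configured while the document belongs to the custom server: flagged.
    print(check_sso("https://example.okta.com", "https://console.example.com", "okta", SAMPLE_DOC))
```

To run it against a real tenant, fetch the document from the URL that discovery_url() returns and pass the parsed JSON in place of SAMPLE_DOC.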