CloudBeaver Documentation


Okta OpenID Authentication

Note: This feature is available in Enterprise, AWS, Team editions only.


Okta OpenID Authentication utilizes Okta as an identity provider to authenticate users in applications through OpenID Connect. It simplifies user access control by providing a centralized authentication mechanism, thereby reducing the need for separate account and password management. For detailed setup and configuration instructions for Okta OpenID Connect, refer to the official Okta documentation.

Configuration steps

Step 1: Enabling Okta OpenID Authentication

  1. As an administrator, go to Settings -> Server Configuration.

  2. Find the Okta OpenID option in the Authentication Settings section and activate this setting to enable Okta OpenID authentication.

  3. Save the changes.

Step 2: Adding an Identity Provider

  1. As an administrator, navigate to Settings -> Identity Providers.

  2. Click on the + Add button.

  3. Fill in the following fields:

    Field Description
    Provider Select Okta OpenID from the dropdown menu.
    ID Enter a unique identifier for the configuration.
    Configuration name Enter a descriptive name for this configuration.
    Description Provide a brief description of this identity provider configuration.
    Icon URL Enter the URL of an icon to represent this provider.
    Disabled Leave unchecked to enable this identity provider.
    Client ID The client identifier provided by the OpenID Connect provider.
    Client Secret A secret key associated with the client ID for authentication.
    Okta Domain Organization domain in Okta.
    Read Okta group information If checked than Active Directory user group information will be claimed. May be required for Okta permissions integration.
    Read user info Read user profile data, using userinfo endpoint URL.
    Name of AWS role claim Name of AWS role claim that contains the name of the AWS role.
  4. Click on the Create button.

  5. Copy Redirect and Sign out Links:

    1. Enter the newly created identity provider.
    2. Copy the Redirect link and the Sign out link.

  6. Update Redirect URIs in Okta:

    1. In your Okta application, navigate to General -> Login.
    2. Under Sign-in redirect URIs, paste the copied Redirect link.
    3. In the same section, locate Sign-out redirect URIs and paste the Sign out link there.
    4. Click Save in Okta to finalize these configurations.

Step 3: Logging in

  1. With the Okta OpenID configuration now established, proceed to the login screen.

  2. Select the Federated authentication method, labeled with the Configuration name you specified.

  3. Clicking on this authentication method will redirect you to the Okta page.

  4. After filling your username and password of the Okta account, you will be automatically redirected and logged into the CloudBeaver.