Okta OpenID authentication
Okta OpenID Authentication utilizes Okta as an identity provider to authenticate users in applications through OpenID Connect. It simplifies user access control by providing a centralized authentication mechanism, thereby reducing the need for separate account and password management. For detailed setup and configuration instructions for Okta OpenID Connect, refer to the official Okta documentation.
Configuration steps¶
Step 1: Enabling Okta OpenID Authentication¶
-
As an administrator, go to Settings -> Server Configuration.
-
Find the Okta OpenID option in the Authentication Settings section and activate this setting to enable Okta OpenID authentication.
-
Save the changes.
Step 2: Adding an Identity Provider¶
-
As an administrator, navigate to Settings -> Identity Providers.
-
Click on the + Add button.
-
Fill in the following fields:
| Field | Description |
|---|---|
| Provider | Select Okta OpenID from the dropdown menu. |
| ID | Enter a unique identifier for the configuration. |
| Configuration name | Enter a descriptive name for this configuration. |
| Description | Provide a brief description of this identity provider configuration. |
| Icon URL | Enter the URL of an icon to represent this provider. |
| Disabled | Leave unchecked to enable this identity provider. |
| Client ID | The client identifier provided by the OpenID Connect provider. |
| Client Secret | A secret key associated with the client ID for authentication. |
| Okta Domain | Organization domain in Okta. |
| Read Okta group information | If checked than Active Directory user group information will be claimed. May be required for Okta permissions integration. |
| Read user info | Read user profile data, using userinfo endpoint URL. |
| Custom scopes | The custom scopes. Use with ; delimiter. |
| Name of an AWS role claim | Name of the AWS role claim that contains the name of the AWS role. |
| Group: Administrators | Administrators group ID. This is the group's unique ID. All users from this group will be associated with the role of Administrator |
| Group: Developers | Developers group ID. This is the group's unique ID. All users from this group will be associated with the role of Developer |
| Group: Managers | Managers group ID. This is the group's unique ID. All users from this group will be associated with the role of Manager |
| Group: Editors | Editors group ID. This is the group's unique ID. All users from this group will be associated with the role of Editor |
| Group: Viewers | Viewers group ID. This is the group's unique ID. All users from this group will be associated with the role of Viewer |
| Restrict access if user role does not match | If enabled, users whose SSO groups are not mapped to any role in the provider configuration will not be able to log in. User provisioning will also skip such users. If disabled, all authenticated users will be able to log in regardless of group mapping. |
-
Click on the Create button.
-
Copy Redirect and Sign out Links:
- Enter the newly created identity provider.
- Copy the Redirect link and the Sign out link.
-
Update Redirect URIs in Okta:
- In your Okta application, navigate to General -> Login.
- Under Sign-in redirect URIs, paste the copied Redirect link.
- In the same section, locate Sign-out redirect URIs and paste the Sign out link there.
- Click Save in Okta to finalize these configurations.
Step 3: Logging in¶
-
With the Okta OpenID configuration now established, proceed to the login screen.
-
Select the Federated authentication method, labeled with the Configuration name you specified.
-
Clicking on this authentication method will redirect you to the Okta page.
-
After filling your username and password of the Okta account, you will be automatically redirected and logged into the Team Edition.