
Okta


Okta Configuration

This section shows how to register a web application in the Okta developer console. Registering the application yields the following values, which are needed later for configuration in the Datawiza Cloud Management Console (DCMC):

  • Client ID
  • Client Secret
  • Okta Org
  • (Optional) Okta API Token

Add new application

  1. Create a new application. Before performing this step, make sure you are logged in to your developer account on Okta. Visit the link here to create a developer account.

  2. Choose OIDC - OpenID Connect as the Sign-in method and Web Application as the Application type, then click Next.

Create your Okta application

  1. Fill out the form and give your application a descriptive name, e.g., Header base application demo. Use the following settings:
  • Login redirect URIs: e.g., http://localhost:9772/datawiza/authorization-code/callback
  • Logout redirect URIs: e.g., http://localhost:9772
  • Base URIs: e.g., http://localhost:9772
  • Leave the other settings at their defaults
  • Then click Save

Okta Client ID and Client Secret

  1. On the general information settings page, copy the Client ID and Client secret from the Client Credentials section. You will need these two values later to set up the connection.

Save ‘Okta Org’ URL

  1. Locate the organization URL in the upper-right corner which takes the form of https://your_domain.okta.com. Save this URL as Okta Org.

Assign Application in Okta

  1. Double-check that members are linked to the right applications (if not, click the green Assign Applications button to add them manually).

(Optional) Add Claims in ID Token

You can skip this section if you need only the default claims (family name, given name, email, and so on) provided by Okta. Otherwise, follow the steps below (mainly based on Add a Custom Claim to a Token) to add custom claims in the Okta Console:

  1. Select the API tab under Security. There should be a default authorization server called default. Click default.
  2. Select Claims and click Add Claim.
  3. Include the claim in the ID token:
    If you want to get the user's groups, select Groups as the Value type.
    By default the claim is included in any scope; you can also include it only in specific scopes.
    In that case, you need to add the same scopes to your Okta IdP config in the DCMC.
    For other custom claims, select Expression as the Value type.

In addition, see Okta Expression Language for more details about the expression language.

Then, you need to add the customized attribute in DCMC. You can follow Step 4: Pass User Attributes to pass custom claims.
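To confirm that a custom claim configured above actually reaches the ID token, you can decode the token payload and check for it. This is an added example, not Datawiza or Okta code; the claim name `groups`, the sample tokens and the helper names are constructed for illustration, and the decode is for inspection only, with no signature validation.

```python
import base64
import json


def decode_id_token_payload(id_token: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_claims(id_token: str, expected: list) -> list:
    """Return the expected claim names that are absent from the ID token."""
    claims = decode_id_token_payload(id_token)
    return [name for name in expected if name not in claims]


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed token with a dummy signature segment (demo input only)."""
    header = {"alg": "RS256", "kid": "constructed"}
    return ".".join([_b64url(header), _b64url(claims), "c2ln"])


# Constructed sample claims; the issuer follows the page's placeholder Okta Org URL.
BASE = {"iss": "https://your_domain.okta.com/oauth2/default",
        "sub": "constructed-user", "email": "user@example.com"}
# Token issued after the Groups claim was added and its scope was requested.
SAMPLE_WITH_GROUPS = make_sample_token({**BASE, "groups": ["Everyone", "App-Admins"]})
# Token issued when the claim is tied to a scope the client did not request.
SAMPLE_WITHOUT_GROUPS = make_sample_token(BASE)

if __name__ == "__main__":
    for label, tok in [("with", SAMPLE_WITH_GROUPS), ("without", SAMPLE_WITHOUT_GROUPS)]:
        print(label, "-> missing:", missing_claims(tok, ["email", "groups"]))
```

If a claim is reported missing for a real token, compare the scopes attached to the claim in Okta with the scopes set in the Okta IdP config in the DCMC.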

(Optional) Create API token in Okta

Alternatively, we support getting user info from the Okta user info API using an API token. This way, we can get all the information about the user and do not need to add claims to the ID token.

  1. Choose API and then create your own token. Make a note of the token value. The Okta API token is used by DAP to get user information, especially customized user attributes.

Summary

We have shown how to register a web application on Okta. Please make sure to save the following values for later setting in Datawiza Cloud Management Console.

  • Client ID
  • Client Secret
  • Okta Org
  • (Optional) Okta API Token

Reference

Using the Console
Create Claims
Add a Custom Claim to a Token
Okta Expression Language
API Token