| description |
|---|
This guide shows how to set-up Okta identity provider with Aidbox |
{% hint style="info" %} Please make sure you use Aidbox v:2107 or later Aidbox version {% endhint %}
If you do not have an Okta account, create it to get your authorization server (Okta developer portal).
Find your okta domain. You can do it in Security -> API
%20(1).png)
Go to Application -> Application in Okta and create a new one.
- Check Authorization Code Grant Type
- Set Sign-in url to <box-url>/auth/callback/<identity-provider-id>
.png)
Checkout Client ID and Client secret
.png)
Using REST Console create an IdentityProvider config. Replace <okta-domain> with your okta domain.
client.redirect_urishould be <box-url>/auth/callback/<identity-provider-fdid>- set
client.client_idandclient.client_secretto Okta's credentials - replace <box-url> with your box URL (like http://localhost:8080)
- set scopes to
['profile', 'openid'] authorization_endpoint,token_endpointcan be found in Authorization Server Settings (Security -> API -> <your server> -> Settings -> Metadata URI)
PUT /IdentityProvider/okta?_format=yaml&_pretty=true
content-type: text/yaml
type: okta
title: MyOkta
active: true
system: 'okta'
scopes:
- profile
- openid
# e.g. https://dev-30323539.okta.com/oauth2/default/v1/authorize
authorize_endpoint: '<okta-domain>/oauth2/<authorization-server-id>/v1/authorize'
token_endpoint: '<okta-domain>/oauth2/<authorization-server-id>/v1/token'
userinfo_endpoint: '<okta-domain>/oauth2/<authorization-server-id>/v1/userinfo'
userinfo-source: id-token # or userinfo-endpoint
client:
id: <client-id>
secret: <client-secret>
redirect_uri: '<box-url>/auth/callback/okta'Go to your Aidbox base URL, you will be redirected to the login page - you should see "Log in with <provider.title or .type>" button. Press this button and log in with Okta user into aidbox.
%20(1).png)
This user will be logged into Aidbox Console, but without any permissions. Read more in Access Control Section about permissions.