Note: This is a draft integration guide for Okta. Some steps may require further refinement. Any feedback is appreciated.
...
Open a new window and log in to your company’s Okta account. Go to the Admin portal
Go to Applications in the sidebar. Select Applications. Click Create App Integration
Select OIDC - OpenID Connect & Web Application. Click Next
Under General Settings fill in the below and click Save
App integration name: Enter K Data Catalog
Application Logo: Use the image below or request the K Logo file from support@kada.ai
Sign-in redirect URIs: Paste the redirect URL from Step 1 in the Login redirect URLs field
Controlled Access: select Skip group assignment for now
In the General Tab, copy the Client ID and Client Secret for use in Step 3
Go down to General Settings and click Edit. Go to the Login section and update the following. Click Save
Login initiated by: Either Okta or App
Application visibility: Display application icon to users
Login flow: Redirect to app to initiate login (OIDC Compliant)
Initiate login URI: Enter your K instance URL e.g. https://[customer].kada.ai
Go to Security in the sidebar. Select API. Click on the Authorization Server to be used for SSO
Copy the Metadata URI for use in Step 3
...
Return to the Keycloak window from Step 1
Scroll to the bottom of the list, paste the Metadata URI that you copied in the previous step into the Import from URL field and click Import
Some information will pre-populate from Okta. Complete the missing information and click Save
Logout URL: Set this to your Okta login URL (e.g. https://abc123.okta.com/login/default) or any other URL
Client Authentication: Set to Client secret sent as basic auth
Client ID: Paste the Client ID saved from the previous step
Client Secret: Paste the Client Secret saved from the previous step
Default Scopes: Add openid email profile
Click Save
Select Authentication from the side panel to configure the first login flow.
On the Flow tab, select Browser in the dropdown menu
For the Auth Type Identity Provider Redirector, select Alternative
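
Before importing the Metadata URI into Keycloak, it is worth confirming that the document behind it matches the settings entered above (basic-auth client secret, scopes openid email profile, HTTPS endpoints on the issuer's host). The following check is an added example, not KADA, Okta or Keycloak code; the sample metadata is constructed, abc123.okta.com is the placeholder host from this guide, and the function name check_metadata is hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample metadata (not from a real tenant); abc123.okta.com is the
# placeholder host used in this guide.
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://abc123.okta.com/oauth2/default",
  "authorization_endpoint": "https://abc123.okta.com/oauth2/default/v1/authorize",
  "token_endpoint": "https://abc123.okta.com/oauth2/default/v1/token",
  "jwks_uri": "https://abc123.okta.com/oauth2/default/v1/keys",
  "scopes_supported": ["openid", "email", "profile", "offline_access"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]
}""")

REQUIRED_SCOPES = {"openid", "email", "profile"}   # "Default Scopes" in this guide
REQUIRED_AUTH = "client_secret_basic"              # "Client secret sent as basic auth"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_metadata(metadata_uri, doc):
    """Return a list of problems; an empty list means the document matches."""
    problems = []
    issuer = doc.get("issuer", "")
    # Assumption: the metadata is served under <issuer>/.well-known/, so the
    # issuer inside the document must be the prefix of the URI it came from.
    if not metadata_uri.startswith(issuer.rstrip("/") + "/.well-known/"):
        problems.append(f"issuer {issuer!r} does not match the metadata URI")
    issuer_host = urlparse(issuer).hostname
    for key in ("issuer",) + ENDPOINT_KEYS:
        url = urlparse(doc.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key} is missing or not https")
        elif url.hostname != issuer_host:
            problems.append(f"{key} is on a different host than the issuer")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not advertised: " + ", ".join(sorted(missing)))
    if REQUIRED_AUTH not in doc.get("token_endpoint_auth_methods_supported", []):
        problems.append(f"{REQUIRED_AUTH} not advertised for the token endpoint")
    return problems


if __name__ == "__main__":
    uri = "https://abc123.okta.com/oauth2/default/.well-known/openid-configuration"
    print(check_metadata(uri, SAMPLE_METADATA) or "metadata matches the guide's settings")
```

To run it against your own tenant, save the JSON returned by the Metadata URI and pass it to check_metadata together with that URI.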
...
The Okta Log In option will now appear the next time you try to log in to KADA
...
To enable the configuration to be imported, set the path for the X.509 Client Certificate. Here is a link to a guide from Keycloak that walks you through this.