Configure SSO Using Okta
This document provides step-by-step instructions to configure Single Sign-On (SSO) using Okta. Ensure that you have the necessary permissions and access rights before proceeding with these changes.
You can configure the Diagnostic Server Web UI to integrate with Okta for SSO authentication. The Diagnostic Server provides a simple and configurable method to enable Okta sign-in. Follow the steps below to complete the setup.
STEP 1 - Set Up a New Application Profile on the Okta Dashboard
If you already have an application configured in your Okta Admin Dashboard, you can skip this step.
I. Create an Okta Application.
- Navigate to Application > application > Create App Integration in your Okta dashboard.
- Select OIDC – OpenID Connect as the Sign-in method.
- Choose Single-Page Application as the Application type.
II. Add {ServerURL}/login/callback in Sign-in redirect URIs and click Save to proceed.
III. After creating the application, note down the following details from the Okta Dashboard:
- Client ID
- Audience
- Issuer
IV. Add your server URL to the trusted origin list in the Okta Dashboard.
V. Configure the Login Initiated By value as: {ServerURL}/login
VI. Replace {ServerURL} with your actual server URL, e.g. https://diagnostics-server.privacera.us
STEP 2 - Configure Diagnostic Server for Okta
Once the Okta application is set up, update the Diagnostic Server configuration with the application details as follows:
I. Copy privacera-diagnostics.yml from sample-vars and open it to configure. If the file is already present, you can skip this step:
vars.privacera-diagnostics.yml
- DIAG_SERVER_OKTA_ENABLED: Set it to "true"
- DIAG_SERVER_OKTA_ISSUER: Set it to "<OKTA_BASE_URL>"
- DIAG_SERVER_OKTA_AUDIENCE: Set it to "<OKTA_BASE_URL>"
- DIAG_SERVER_OKTA_CLIENT_ID: Set it to "<PLEASE_PROVIDE_ID>"
- DIAG_SERVER_OKTA_INTROSPECT_ENDPOINT: Set it to "<OKTA_BASE_URL>/oauth2/v1/introspect?client_id=<PLEASE_PROVIDE_ID>"
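
A mismatched client ID or a leftover placeholder in these five properties usually surfaces only as a failed login, so it helps to lint the values before deploying. The script below is an added example, not part of the Privacera tooling: it assumes the vars file holds flat `KEY: "value"` lines and that issuer and audience are both the Okta base URL, as described above. The sample values are constructed.

```python
# Added example (not Privacera code): lint the Okta values before deploying.
# Assumption: the vars file holds flat `KEY: "value"` lines.
import re
from urllib.parse import parse_qs, urlsplit

P = "DIAG_SERVER_OKTA_"
REQUIRED = [P + s for s in ("ENABLED", "ISSUER", "AUDIENCE", "CLIENT_ID",
                            "INTROSPECT_ENDPOINT")]

def parse_vars(text):
    """Return {key: value} for `KEY: "value"` lines; comment lines are skipped."""
    pairs = re.findall(r'^[ \t]*([A-Z0-9_]+)[ \t]*:[ \t]*"?([^"#\n]*)"?', text, re.M)
    return {k: v.strip() for k, v in pairs}

def lint(cfg):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = [f"{k} is missing" for k in REQUIRED if not cfg.get(k)]
    if problems:
        return problems
    problems += [f"{k} still contains a placeholder" for k in REQUIRED if "<" in cfg[k]]
    if cfg[P + "ENABLED"] != "true":
        problems.append(P + 'ENABLED must be "true"')
    issuer = cfg[P + "ISSUER"].rstrip("/")
    if urlsplit(issuer).scheme != "https":
        problems.append("issuer must be an https URL")
    if cfg[P + "AUDIENCE"].rstrip("/") != issuer:
        problems.append("audience differs from issuer")
    ep = urlsplit(cfg[P + "INTROSPECT_ENDPOINT"])
    if f"{ep.scheme}://{ep.netloc}{ep.path}" != issuer + "/oauth2/v1/introspect":
        problems.append("introspect endpoint is not <issuer>/oauth2/v1/introspect")
    if parse_qs(ep.query).get("client_id") != [cfg[P + "CLIENT_ID"]]:
        problems.append("introspect client_id does not match " + P + "CLIENT_ID")
    return problems

# Constructed sample: the introspect URL carries a different client ID.
SAMPLE = """
DIAG_SERVER_OKTA_ENABLED: "true"
DIAG_SERVER_OKTA_ISSUER: "https://example.okta.com"
DIAG_SERVER_OKTA_AUDIENCE: "https://example.okta.com"
DIAG_SERVER_OKTA_CLIENT_ID: "0oaEXAMPLEclientid"
DIAG_SERVER_OKTA_INTROSPECT_ENDPOINT: "https://example.okta.com/oauth2/v1/introspect?client_id=0oaOTHERclientid"
"""

if __name__ == "__main__":
    for problem in lint(parse_vars(SAMPLE)):
        print("WARN:", problem)
```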