Configuring Open ID using Okta Provider

Okta's identity and access management system helps manage access control and user identity. Okta provides services to manage what resources each user can access and what functions each user can perform. In this document, we discuss the steps to configure Open ID using Okta.

Okta as Open ID Provider

Below are steps to choose Okta as Open ID provider in WaveMaker.

1. Select Custom as Open ID provider from the drop-down menu and enter Okta as Provider ID.

Application in Okta Developer

Below are the steps to create an application in Okta Developer.

Creating New Application

1. Go to Okta Developer and set up user account. This is to create an OAuth application to fetch the Client ID and Client Secret.

2. Go to Dashboard.

3. Go to Applications > Applications.

4. Click Create App Integration to start creating an application.

Configuring Application

1. Select Open ID Connect option as Sign-in method.

2. Select Web Application as Application type and click Next.

3. Enter the App Integration Name and check Client credentials as Grant type.

4. Click Add URL to add new redirect URLs.

note

• Redirect URL: Redirect endpoint is the URL to which the client receives the response

5. Enter sign-in redirect URL and sign-out redirect URL.

note

• Sign-in redirect URL is available in WaveMaker authentication and authorization page.
• Add v1/logout to the end of sign-in redirect URL and enter it as sign-out redirect URL. Example: Sign-in redirect URL: https://example.com/okta Sign-out redirect URL: https://example.com/okta/v1/logout

Restricting Domain

1. Select the appropriate access restriction and click Save. This steps ensures domain restrictions to access the application.

Fetching Client Details

1. Click Copy to copy the Client ID to clipboard. Later, provide this information in WaveMaker security configurations.

2. Click Copy icon to copy the Client Secret to clipboard. Later, provide this information in WaveMaker security configurations.

Enabling Scopes

1. Go to Okta API Scopes and click Grant to include it as scope.

Fetching Security Endpoints

1. Click Security from the menu.

2. Go to API in the drop-down menu.

3. Click default.

4. Click Metadata URL that redirects to the page which contains authorization endpoint, token endpoint, JWKS endpoint and User info endpoint.

Get the endpoints and client details to provide in the security configuration page in WaveMaker.

Role Mapping using Okta Provider

Below are the steps to assign you the role in Okta Developer.

Adding Role Attribute

1. Go to Okta Developer and set up user account in the Developer console of Okta.

2. Go to Applications > Applications.

3. Check if we have the required web application else we create a new web application.

4. Go to Directory > Profile Editor.

5. Click on the Profile created by you.

6. Click Add Attribute and fill in the required attribute details.

7. Go to People > Username.

8. Go to Profile and click on Edit to provide the value for the role attribute.

Creating Custom Server

Custom server is created as custom claim like role attribute is not allowed in the default server. The below steps are to configure the custom server.

1. Go to Security > API > Add Authorization Server.

2. Provide the required server details and save the details.
3. Once the server is created, click on the server.

4. Go to Claims, add a new claim.

5. Go to Access Policies, add a new policy.

6. Once the policy is added, we add a new rule.

7. Lastly, we go to Token Preview and add the required details and. Click on Preview Token to verify whether the created role attribute is working correctly.