OpenID Connect (OIDC) is an OIDF standard that profiles and extends OAuth 2.0 to add an identity layer — creating a single framework in order to provide secured access to APIs, mobile native applications, and browser applications in a single, cohesive architecture.
In this article, we will show you how to set up OIDC app integration for GoodData.CN in Okta.
Step 1: Create a new application integration
In the Okta admin console, and navigate to Applications.
Click on the button “Add Application”
Click on the “Create New App” button. A modal dialogue asking for basic parameters will appear:
Select “Web” as a Platform and “OpenID Connect” as the Sign on method.
Click the “Create” button (OpenID Connect app integration window will open)
Step 2: Create OpenID Connect app integration
Choose the Application name to identify this application in Okta’s admin console.
Optionally, choose your custom logo that will be shown in the application list.
Add Login redirect URI in the form
https://<organization-hostname>/login/oauth2/code/<organization-hostname>(so-called callback URL).
Optionally (but recommended), add Logout redirect URI in the form
Step 3: A summary of your newly created OIDC application
The next page summarizes your newly created OIDC application.
You will need the values of “Client ID”, “Client secret”, and “Okta domain” to configure an OIDC client for your organization.
Now you can assign users and groups to this application so they can use it. This action can be done conveniently using Okta API or manually in the admin console.
Now you have all the information needed for OIDC configuration of your organization.
"oauthIssuerLocation": "https://<Okta domain>",
"oauthClientId": "<Client ID>",
"oauthClientSecret": "<Client secret>"
For mapping Okta user-to-user in GoodData.CN you need to set the user’s
authenticationId in GoodData.CN. You can get the user ID by querying Okta API where you replace
<Okta domain> and
https://<Okta domain>/api/v1/users?filter=profile.login%20eq%20%22<user login>%22
Your integration is now fully configured.