
Okta SSO Integration Guide with GoodData.CN



OpenID Connect (OIDC) is an OIDF standard that profiles and extends OAuth 2.0 to add an identity layer — creating a single framework in order to provide secured access to APIs, mobile native applications, and browser applications in a single, cohesive architecture.

In this article, we will show you how to set up OIDC app integration for GoodData.CN in Okta.

Step 1: Create a new application integration

  1. In the Okta admin console, navigate to Applications.

  2. Click the “Add Application” button.

  3. Click on the “Create New App” button. A modal dialogue asking for basic parameters will appear:


  4. Select “Web” as the Platform and “OpenID Connect” as the Sign on method.

  5. Click the “Create” button. The OpenID Connect app integration window will open.

Step 2: Create OpenID Connect app integration

  1. Choose the Application name to identify this application in Okta’s admin console.

  2. Optionally, choose your custom logo that will be shown in the application list. 

  3. Add the Login redirect URI (the so-called callback URL) in the form https://<organization-hostname>/login/oauth2/code/<organization-hostname>.

  4. Optionally (but recommended), add the Logout redirect URI in the form https://<organization-hostname>.

 

Step 3: A summary of your newly created OIDC application

  1. The next page summarizes your newly created OIDC application. 

  2. You will need the values of “Client ID”, “Client secret”, and “Okta domain” to configure an OIDC client for your organization.

Now you can assign users and groups to this application so they can use it. You can do this conveniently through the Okta API or manually in the admin console.

Now you have all the information needed for OIDC configuration of your organization.

{
  "data": {
    "id": "analytics",
    "type": "organization",
    "attributes": {
      "name": "Example.com",
      "hostname": "analytics.example.com",
      "oauthIssuerLocation": "https://<Okta domain>",
      "oauthClientId": "<Client ID>",
      "oauthClientSecret": "<Client secret>"
    }
  }
}

To map an Okta user to a user in GoodData.CN, you need to set the user’s authenticationId in GoodData.CN. You can get the user ID by querying the Okta API with the following URL, replacing <Okta domain> and <user login>:

https://<Okta domain>/api/v1/users?filter=profile.login%20eq%20%22<user login>%22

 

Your integration is now fully configured.
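The values from Steps 2 and 3 and the user lookup can be assembled and checked in code before they are applied. The following is an added example, not code from GoodData or Okta: the function names, the host names and the sample response are constructed, and the input checks and the exactly-one-match rule are assumptions of this example that keep a malformed value or an ambiguous lookup from being written into the configuration.

```python
import json
from urllib.parse import quote, urlsplit

# Constructed sample of an Okta Users API response body (a JSON array of users).
SAMPLE_RESPONSE = ('[{"id": "00u-constructed-id", "status": "ACTIVE",'
                   ' "profile": {"login": "jane@example.com"}}]')


def redirect_uris(hostname):
    """Login (callback) and Logout redirect URIs in the form given in Step 2."""
    if not hostname or any(c in hostname for c in "/:@?# "):
        raise ValueError("hostname must be a bare host name")
    return (f"https://{hostname}/login/oauth2/code/{hostname}",
            f"https://{hostname}")


def organization_payload(org_id, name, hostname, okta_domain, client_id, client_secret):
    """Organization document with the attributes shown in the tutorial."""
    issuer = f"https://{okta_domain}"
    parts = urlsplit(issuer)
    if parts.hostname != okta_domain.lower() or parts.path or parts.query:
        raise ValueError("Okta domain must be a bare host name")
    if not client_id or not client_secret:
        raise ValueError("Client ID and Client secret are required")
    return {"data": {"id": org_id, "type": "organization", "attributes": {
        "name": name, "hostname": hostname, "oauthIssuerLocation": issuer,
        "oauthClientId": client_id, "oauthClientSecret": client_secret}}}


def user_lookup_url(okta_domain, login):
    """The tutorial's Users API query with the filter percent-encoded."""
    if '"' in login or "\\" in login:
        raise ValueError("login must not contain quotes or backslashes")
    expr = quote(f'profile.login eq "{login}"', safe="")
    return f"https://{okta_domain}/api/v1/users?filter={expr}"


def authentication_id(response_body, login):
    """Return the Okta user ID only when exactly one user has this login."""
    users = [u for u in json.loads(response_body)
             if u.get("profile", {}).get("login") == login]
    if len(users) != 1:
        raise LookupError(f"expected one user for {login!r}, got {len(users)}")
    return users[0]["id"]


if __name__ == "__main__":
    print(user_lookup_url("dev-000000.okta.example", "jane@example.com"))
    print(authentication_id(SAMPLE_RESPONSE, "jane@example.com"))
```

Pass the client secret in from a secret store or environment variable at call time rather than writing it into the script.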

