As at April 2021, all newly released Opmantek products can now use OKTA's OpenID Connect for authentication.

...

Below is a sample entry. It should be modified and copied into the authentication section. You should only change the items in red. Don't be fooled by the "username":"username" and "password":"password" entries. These are not to be changed. They map the Opmantek internal username / password fields to those returned by the OKTA service. This means that going forward, if OKTA changes these response field names or we configure it to use another OpenID provider that returns different field names, it's simply a matter of changing the configuration to support the external service; no code changes are required. Again, you should only change the items in red.

...

This feature provides authentication only. It does not provide authorization. Your user(s) will need to already exist in the Opmantek suite and be configured for access, prior to using OKTA.

Obviously, your Opmantek server will need internet access to be able to talk to OKTA.

...

"auth_openid_connect" : [{
    "type": "okta",
    "url": "https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token",
    "password": "password",
    "test_error": "error_description",
    "test_success": "access_token",
    "username": "username",
    "post": {
       "client_id": "YOUR_CLIENT_ID",
       "client_secret": "YOUR_CLIENT_SECRET",
       "grant_type": "password",
       "scope": "openid",
       "password": "",
       "username": ""
    },
    "headers": {
       "accept": "application/json",
       "content-type": "application/x-www-form-urlencoded"
    }
}]


Creating an OKTA application entry.

First, create a new Group (our example below is "Firstwave Monitoring Group").

Assign your user to that group.

Next, create a new application as below.

Then edit the application and change as below.

And that's all you should need to do on the OKTA side of things.

You can find the values we require for opCommon.json in the OKTA interface.

Edit opCommon.json with these values (as above), restart the OMKD daemon, and make sure the users in OKTA have the same username in the Firstwave applications. They should then be able to log in.
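
A check to run on the entry before restarting the daemon, as an added example that is not Opmantek's code: it lints one auth_openid_connect entry against the rules stated above (replace only the placeholders, leave the field mappings and empty post fields alone). The function name lint_entry, the HTTPS and token-path checks, and the sample values are assumptions made for this illustration.

```python
import json
import sys
from pathlib import Path
from urllib.parse import urlparse

PLACEHOLDERS = ("YOUR_SUBDOMAIN", "YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET")

def lint_entry(entry):
    """Return a list of problems found in one auth_openid_connect entry."""
    problems = []
    post = entry.get("post", {})
    headers = {k.lower(): v for k, v in entry.get("headers", {}).items()}
    url = urlparse(entry.get("url", ""))
    # Placeholders from the sample entry must be replaced with real values.
    for value in (entry.get("url", ""), post.get("client_id", ""), post.get("client_secret", "")):
        problems += [f"placeholder {p} not replaced" for p in PLACEHOLDERS if p in value]
    # The client secret and user passwords travel in this POST, so require TLS.
    if url.scheme != "https":
        problems.append("url must use https")
    if not url.path.endswith("/v1/token"):
        problems.append("url should point at the token endpoint")
    # Field-name mappings and empty post fields that the page says to leave untouched.
    for key in ("username", "password"):
        if entry.get(key) != key:
            problems.append(f'top-level "{key}" mapping was changed')
        if post.get(key, "") != "":
            problems.append(f"post.{key} must stay empty as in the sample")
    if post.get("grant_type") != "password" or post.get("scope") != "openid":
        problems.append("grant_type/scope differ from the sample")
    if headers.get("content-type") != "application/x-www-form-urlencoded":
        problems.append("content-type must be application/x-www-form-urlencoded")
    return problems

# Constructed sample values: the page's entry with invented, non-real credentials.
GOOD = {
    "type": "okta",
    "url": "https://example-org.okta.com/oauth2/default/v1/token",
    "password": "password", "username": "username",
    "test_error": "error_description", "test_success": "access_token",
    "post": {"client_id": "0oaEXAMPLEID", "client_secret": "example-secret",
             "grant_type": "password", "scope": "openid", "password": "", "username": ""},
    "headers": {"accept": "application/json",
                "content-type": "application/x-www-form-urlencoded"},
}

if __name__ == "__main__":  # optional argument: a JSON file holding one entry
    entry = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else GOOD
    for problem in lint_entry(entry):
        print("PROBLEM:", problem)
```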