Your Opmantek server needs internet access so that it can talk to OKTA.

In the authentication → auth_method_1 entry, you should use openid_connect.

Open-AudIT specifics

For Open-AudIT, the username within Open-AudIT must match the username used to sign in to OKTA. No password should be set for the user inside Open-AudIT; this prevents logon if OKTA is not available. If it is desirable to allow logon when OKTA is not available, set the password inside Open-AudIT.

Configuration Example

In the authentication → auth_method_1 entry of opCommon.json, you should use openid_connect.

"auth_method_1": "openid_connect",


"auth_openid_connect" : [{
    "type": "okta",
    "url": "https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token",
    "password": "password",
    "test_error": "error_description",
    "test_success": "access_token",
    "username": "username",
    "post": {
       "client_id": "YOUR_CLIENT_ID",
       "client_secret": "YOUR_CLIENT_SECRET",
       "grant_type": "password",
       "scope": "openid",
       "password": "",
       "username": ""
    },
    "headers": {
       "accept": "application/json",
       "content-type": "application/x-www-form-urlencoded"
    }
}]
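
A pre-flight check for the block above, as an added Python example (not Opmantek's own code). It assumes the top-level username and password values name the post fields that receive the logon credentials, and that test_success and test_error are keys looked for in the JSON reply; the function names and sample replies are constructed for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed copy of the page's config block, placeholders left as on the page.
CONFIG = json.loads("""
{"type": "okta",
 "url": "https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token",
 "password": "password", "username": "username",
 "test_error": "error_description", "test_success": "access_token",
 "post": {"client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET",
          "grant_type": "password", "scope": "openid",
          "password": "", "username": ""},
 "headers": {"accept": "application/json",
             "content-type": "application/x-www-form-urlencoded"}}
""")

def lint(cfg):
    """Return the problems that would stop the token request working safely."""
    problems = []
    if urlsplit(cfg["url"]).scheme != "https":
        problems.append("url must be https: it carries the user's password and client_secret")
    if "YOUR_" in cfg["url"] or any("YOUR_" in str(v) for v in cfg["post"].values()):
        problems.append("placeholder values not replaced")
    for field in (cfg["username"], cfg["password"]):
        if field not in cfg["post"]:
            problems.append(f"post has no '{field}' field to fill")
    if cfg["headers"].get("content-type") != "application/x-www-form-urlencoded":
        problems.append("token endpoint expects a form-encoded body")
    return problems

def build_body(cfg, user, secret):
    """Assumed behaviour: logon credentials are copied into the named post fields."""
    form = dict(cfg["post"])
    form[cfg["username"]] = user
    form[cfg["password"]] = secret
    return urlencode(form)  # matches the content-type header in the config

def classify(cfg, response_text):
    """Assumed behaviour: test_success / test_error are keys looked for in the reply."""
    reply = json.loads(response_text)
    if cfg["test_success"] in reply:
        return "success"
    if cfg["test_error"] in reply:
        return "error: " + reply[cfg["test_error"]]
    return "unknown"
```

Run lint() against your edited copy of the block before restarting the service; an empty list means the placeholders are gone and the request will be sent form-encoded over HTTPS.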