You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »


As at April 2021, all newly released Opmantek products can now use OKTA's OpenID connect for authentication.

As per other authentication methods, you will need to edit /usr/local/omk/conf/opCommon.json, specifically the authentication section.

Below is a sample entry. It should be modified and copied into the authentication section. You should only change the items in red. Don't be fooled by the "username":"username " and "password":"password" entries. These are not to be changed. They map the Opmantek internal username / password fields to those returned by the OKTA service. This means that going forward, if OKTA changes these response field names or we configure it to use another OpenID provider that returns different field names, it's simply a matter of changing the configuration to support the external service, no code changes required. Again, you should only change the items in red.

Once you have made the required changes, the omkd service will need to be restarted.

This feature provides authentication only. It does not provide authorization. Your user(s) will need to already exist in the Opmantek suite and be configured for access, prior to using OKTA.

Obviously your Opmantek server will need internet access to be able to talk to OKTA.

In the authentication → auth_method_1 entry, you should use openid_connect.

Open-AudIT specifics

For Open-AudIT the username within Open-AudIT match the username used to sign in to OKTA. No password should be set for the user inside Open-AudIT. This will prevent logon if OKTA is not available. If it is desirable to allow logon if OKTA is not available, set the password inside Open-AudIT.

Configuration Example

"auth_openid_connect" : [{
    "type": "okta",
    "url": "https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token",
    "password": "password",
    "test_error": "error_description",
    "test_success": "access_token",
    "username": "username",
    "post": {
       "client_id": "YOUR_CLIENT_ID",
       "client_secret": "YOUR_CLIENT_SECRET",
       "grant_type": "password",
       "scope": "openid",
       "password": "",
       "username": ""
    },
    "headers": {
       "accept": "application/json",
       "content-type": "application/x-www-form-urlencoded"
    }
}]

  • No labels