
SSO OKTA/AUTH0

Integration model

Authentication

The functionality is directly embedded in the Zeus authentication management microservice; it is enabled and configured through that microservice's configuration file.


Authentication configuration

Authentication providers are configured under the security.authentication.oidc.providers property. For OKTA, the following properties must be set:

YAML
security:
  authentication:
    oidc:
      providers:
        okta:
          # Provider name as it will appear on the login page
          name: OKTA
          # Provider URL for authorizing Anjana Portal users (use variables in the URL)
          authorize-url: https://anjanadata.okta.com/oauth2/default/v1/authorize?client_id=${security.authentication.oidc.providers.okta.client-id}&response_type=code&response_mode=query&scope=${security.authentication.oidc.providers.okta.scopes}&redirect_uri=${security.authentication.oidc.providers.okta.redirect-uri}
          # Provider URL for authorizing Portuno users (use variables in the URL)
          authorize-url-portuno: https://anjanadata.okta.com/oauth2/default/v1/authorize?client_id=${security.authentication.oidc.providers.okta.client-id}&response_type=code&response_mode=query&scope=${security.authentication.oidc.providers.okta.scopes}&redirect_uri=${security.authentication.oidc.providers.okta.redirect-uri-portuno}
          # Provider URL that handles token creation
          token-url: https://anjanadata.okta.com/oauth2/default/v1/token
          # Scope of the provider authentication
          scopes: openid profile email
          # Identifier of the authentication client at the provider
          client-id: xxxxxxxxxxx
          # Secret of the authentication client at the provider
          client-secret: xxxxx
          # Provider authentication method
          client-authentication-method: POST
          # URI the browser must redirect to after a successful login with the provider in the Anjana Portal
          redirect-uri: https://<host>:<port>/authorized
          # URI the browser must redirect to after a successful login with the provider in the administration portal (Portuno)
          redirect-uri-portuno: https://<host>:<port>/configpanel/authorized
          # Field that holds the username at the provider
          username-claim: email
          # Provider type
          type: OKTA
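
An added example (not part of the Anjana documentation or the Zeus code): a pre-deployment check over the provider entry above, passed in as a Python dict, that expands the ${...} references and verifies that each authorize URL is https on the token-url host, requests response_type=code, and carries a redirect URI that is also in the set registered in Okta. The function names, the host anjana.example.com:8443, and the sample client-id are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit
REF = re.compile(r"\$\{security\.authentication\.oidc\.providers\.(\w+)\.([\w-]+)\}")
PREFIX = "${security.authentication.oidc.providers.okta."

def resolve(value, providers):  # expand ${...providers.<id>.<key>} references
    return REF.sub(lambda m: str(providers[m.group(1)][m.group(2)]), value)

def lint_provider(pid, providers, registered):
    """Return findings for one provider entry; an empty list means clean."""
    cfg, findings = providers[pid], []
    token = urlsplit(cfg["token-url"])
    if token.scheme != "https":
        findings.append("token-url must use https")
    if "openid" not in cfg["scopes"].split():
        findings.append("scopes must include openid")
    if not cfg["client-secret"].strip("xX"):
        findings.append("client-secret is still the placeholder")
    for url_key, redir_key in (("authorize-url", "redirect-uri"),
                               ("authorize-url-portuno", "redirect-uri-portuno")):
        url = urlsplit(resolve(cfg[url_key], providers))
        query = parse_qs(url.query)
        if (url.scheme, url.netloc) != ("https", token.netloc):
            findings.append(f"{url_key} must be https on the token-url host")
        if query.get("response_type") != ["code"]:
            findings.append(f"{url_key} must request response_type=code")
        if query.get("redirect_uri") != [cfg[redir_key]]:
            findings.append(f"{url_key} does not carry {redir_key}")
        if cfg[redir_key] not in registered:
            findings.append(f"{redir_key} is not registered in Okta")
    return findings

# Constructed sample: anjana.example.com:8443 stands in for <host>:<port>.
AUTHZ = ("https://anjanadata.okta.com/oauth2/default/v1/authorize?client_id="
         + PREFIX + "client-id}&response_type=code&response_mode=query&scope="
         + PREFIX + "scopes}&redirect_uri=" + PREFIX)
SAMPLE = {"okta": {
    "authorize-url": AUTHZ + "redirect-uri}",
    "authorize-url-portuno": AUTHZ + "redirect-uri-portuno}",
    "token-url": "https://anjanadata.okta.com/oauth2/default/v1/token",
    "scopes": "openid profile email",
    "client-id": "constructed-client-id",
    "client-secret": "xxxxx",
    "redirect-uri": "https://anjana.example.com:8443/authorized",
    "redirect-uri-portuno": "https://anjana.example.com:8443/configpanel/authorized",
}}
REGISTERED = {"https://anjana.example.com:8443/authorized"}  # constructed: Portal URI only

if __name__ == "__main__":
    print("\n".join(lint_provider("okta", SAMPLE, REGISTERED)))
```

On the constructed sample the check reports the placeholder secret and the Portuno redirect URI missing from the registered set; pass the Sign-in redirect URIs actually entered in the Okta application as `registered`.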

Requirements

Application registration



The following steps create an Okta integration for Anjana Data. An integration represents the application within the Okta organization and holds the configuration information Anjana requires to access Okta.


To configure the integration manually from inside the Okta organization:

  1. Click on Create application integration.

  2. Select a sign-in method of OIDC-OpenID Connect.

  3. Select a web application type (Note: choosing an incorrect application type can interrupt the sign-in or sign-out flows by requiring client-secret verification, which public clients do not have).



  4. Enter an Application integration name (Anjana).

(Note: Authorization Code is selected by default and cannot be edited, as it is a mandatory grant type.)

  5. Enter the Sign-in redirect URI: https://<host>:<port>/authorized

  6. Enter the Sign-out redirect URI: https://<host>:<port>/logout

