Bobcares

Set up Okta as an OpenID Connect identity provider | Guide

by | Feb 4, 2022

Set up Okta as an OpenID Connect identity provider with this in-depth guide by our in-house experts. 

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team is ready to help customers with setting up Okta as an OpenID Connect identity provider.

How to set up Okta as an OpenID Connect identity provider

Here is a helpful guide to setting up Okta as an OIDC identity provider in an Amazon Cognito user pool. Our Support Techs recommend following these steps to get the job done:

Set up Okta as an OpenID Connect identity provider
  • Create an Amazon Cognito user pool with an app client and domain name
  • Sign up for an Okta developer account
  • Create an Okta app
  • Configure settings for the Okta app
  • Add an OIDC IdP in the user pool
  • Change app client settings for the user pool
  • Map the email attribute to a user pool attribute
  • Log in to test the setup

How to create an Amazon Cognito user pool with an app client and domain name

  1. First, we have to create a user pool.
  2. Then, we will create an app client in the user pool and add a domain name for the user pool. Note the domain down: it is the host that Okta will redirect back to when the Okta app is configured, and it must be entered there exactly.

How to sign up for an Okta developer account

  1. Head to the Okta Developer signup webpage, enter the requested details and select SIGN UP. Okta then sends a verification email from the Okta Developer Team.
  2. Next, choose ACTIVATE in that email and finish creating the account.

How to create an Okta app

  1. First, we have to open the Okta Developer console and expand Applications and select Applications.
  2. Then, select Create App Integration and select OpenID Connect.
  3. After that, we have to select Web Application then select Next.

How to configure settings for your Okta app

  1. First, we will head to the New Web App Integration page, under General Settings, and enter a name for the app.
  2. Next, make sure the Authorization Code check box is selected under Grant Type.
  3. Then, enter https://myUserPoolDomain/oauth2/idpresponse for Sign-in redirect URIs (the same field is labelled Login redirect URIs under CONFIGURE OPENID CONNECT in some versions of the Okta console). Replace myUserPoolDomain with the domain name added to the user pool. Okta matches redirect URIs exactly, so the scheme, host and path must be identical to what Cognito sends.
  4. Next, we will select our preferred access setting in Controlled access and select Save.
  5. Then, make a copy of the Client ID and Client secret from Client Credentials. Treat the secret like a password: it is stored in Cognito in a later step and should not be kept anywhere else.
  6. Select Sign On and note the Issuer URL in the OpenID Connect ID Token section. We will require this URL while configuring Okta in the user pool.

How to add an OIDC IdP in the user pool

  1. First, we have to head to Manage user pools in the Amazon Cognito console and select the user pool.
  2. Then, select Identity providers under Federation in the left navigation pane.
  3. Next, we will select OpenID Connect.
  4. After that we have to enter the following information:
    • Provider name: Enter name for the IdP
    • Client ID: Paste the Client ID noted while configuring settings for your Okta app
    • Client secret: Paste the Client secret noted while configuring settings for your Okta app
    • Attributes request method: Leave it as GET
    • Authorize scope: Enter the OIDC scope values to request, separated by spaces, for example openid email. openid is required; email is needed for the attribute mapping later in this guide.
    • Issuer: Paste the Issuer URL noted while configuring settings for your Okta app, exactly as shown there, with no trailing slash added
    • Identifiers: Enter a custom string to use in the endpoint URL instead of the OIDC IdP’s name
  5. Next, select Run discovery and choose Create provider.
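The Run discovery step fetches the issuer's /.well-known/openid-configuration document and fails when that document does not line up with what was typed into the form. The Python below is an added example, not code from the original post or from AWS or Okta: it runs the checks worth making on that document before pointing Cognito at it. The tenant name dev-123456.okta.com and the discovery JSON are constructed sample data, not captured from a live tenant.

```python
"""Checks on an OIDC discovery document before Cognito's 'Run discovery'."""
import json
from urllib.parse import urlparse

# Constructed sample in the shape Okta returns from
# /.well-known/openid-configuration for its default custom authorization
# server. The tenant name dev-123456.okta.com is a placeholder, not a real org.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://dev-123456.okta.com/oauth2/default",
    "authorization_endpoint": "https://dev-123456.okta.com/oauth2/default/v1/authorize",
    "token_endpoint": "https://dev-123456.okta.com/oauth2/default/v1/token",
    "userinfo_endpoint": "https://dev-123456.okta.com/oauth2/default/v1/userinfo",
    "jwks_uri": "https://dev-123456.okta.com/oauth2/default/v1/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "email", "profile", "offline_access"],
})

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer: str) -> str:
    """URL that Run discovery fetches: issuer plus the well-known path.
    A trailing slash on the issuer would yield '//.well-known', so strip it."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(configured_issuer: str, document: str,
                    wanted_scopes=("openid", "email")) -> list:
    """Return the problems found; an empty list means Cognito can use it."""
    try:
        doc = json.loads(document)
    except ValueError as exc:
        return [f"discovery document is not JSON: {exc}"]
    problems = []

    # 1. Exact issuer match: the value typed into the Issuer field must equal
    #    the document's issuer byte for byte. Pasting the org issuer
    #    (https://tenant.okta.com) when the app uses /oauth2/default, or
    #    adding a trailing slash, is the usual cause of a failed discovery.
    if doc.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: configured {configured_issuer!r}, "
                        f"document says {doc.get('issuer')!r}")

    # 2. The endpoints Cognito calls must exist and be HTTPS.
    for key in REQUIRED_ENDPOINTS:
        value = doc.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")

    # 3. Cognito uses the authorization code flow against the IdP, so
    #    response_type=code must be offered, and ID tokens must be signed with
    #    an asymmetric algorithm so they can be verified against jwks_uri.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("provider does not advertise response_type=code")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "none" in algs or not any(a.startswith(("RS", "ES", "PS")) for a in algs):
        problems.append(f"ID token algorithms not verifiable from jwks_uri: {algs}")

    # 4. Every scope typed into 'Authorize scope' should be advertised
    #    (scopes_supported is optional, so only check when it is present).
    advertised = set(doc.get("scopes_supported", []))
    for scope in wanted_scopes:
        if advertised and scope not in advertised:
            problems.append(f"scope {scope!r} not in scopes_supported")
    return problems
```

Okta exposes two kinds of issuer: the org authorization server (https://tenant.okta.com) and custom authorization servers such as https://tenant.okta.com/oauth2/default. The one to paste into Cognito is the one shown on the app's Sign On tab; the checker reports the mismatch if the other is used.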

How to change app client settings for your user pool

  1. First, we have to head to Manage user pools in the Amazon Cognito console and select the user pool.
  2. Then, we will select App client settings under App integration in the left navigation pane.
  3. Next, enter the following information on the app client page:
    • Enabled Identity Providers: Select the OIDC provider check box for the IdP we created earlier
    • Callback URL(s): Enter the URL where Cognito should redirect users after they log in. It must use HTTPS; http://localhost is the only exception Cognito allows, for local testing
    • Sign out URL(s): Enter the URL where Cognito should redirect users after they log out
    • Allowed OAuth Flows: Choose the flows corresponding to the grant types we want the application to use after authentication from Cognito. Authorization code grant is the safer choice; Implicit grant returns tokens in the browser URL fragment, where they can leak through browser history and logs
    • Allowed OAuth Scopes: Select the email and openid checkboxes
  4. Select Save changes.

How to map the email attribute to a user pool attribute

Our Support Engineers recommend mapping the email attribute to a user pool attribute if we authorize the email OIDC scope value.

  1. First, we have to head to Manage user pools in the Amazon Cognito console and select the user pool.
  2. Then, we will select Attribute mapping under Federation in the left navigation pane.
  3. Next, choose OIDC tab on the attribute mapping page.
  4. In case we have more than a single OIDC provider in the user pool, we have to select the new provider from the drop-down list.
  5. After that, ensure the OIDC attribute sub is mapped to the user pool attribute Username.
  6. Then, select Add OIDC attribute and enter the following information:
    • OIDC attribute: Enter email
    • User pool attribute: Select Email

How to log in to test your setup

In order to test the setup, open the app client's hosted UI login page, choose the Okta provider and log in. After a successful Okta login, Cognito redirects to the app client's callback URL. With the Authorization code grant the authorization code appears in the query string of the browser's address bar; with the Implicit grant the user pool tokens appear in the URL fragment instead. According to our Support Engineers, reaching that redirect indicates we have set up Okta successfully.
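Driving the test login by hand, rather than clicking through the hosted UI, makes the security properties of the flow visible. The Python below is an added example, not code from the original post or from AWS or Okta. It builds the hosted UI authorize URL with a state value and a PKCE challenge, classifies the redirect that comes back to the callback URL, and assembles (without sending) the request that exchanges the code at the token endpoint. The user pool domain, client ID, client secret and callback URL are placeholders, and the callback URLs used in the checks are constructed; the token request assumes the app client was created with a secret, otherwise the Authorization header is omitted.

```python
"""Hosted UI test login for a Cognito user pool federated to Okta."""
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge per RFC 7636: base64url(sha256(verifier)) without '='."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """32 random bytes give 43 unpadded base64url chars, inside RFC 7636's 43..128."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def build_login_url(domain, client_id, redirect_uri, state, code_verifier,
                    scopes=("openid", "email"), identity_provider="Okta"):
    """Authorize URL for the hosted UI. domain is the user pool domain
    (placeholder: myuserpool.auth.us-east-1.amazoncognito.com)."""
    params = {
        "response_type": "code",            # code grant: no tokens in the browser URL
        "client_id": client_id,
        "redirect_uri": redirect_uri,       # must match a configured Callback URL exactly
        "scope": " ".join(scopes),
        "state": state,                     # bound to the browser session; checked on return
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
        "identity_provider": identity_provider,  # skip the provider picker, go straight to Okta
    }
    return f"https://{domain}/oauth2/authorize?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str):
    """Classify what Cognito sent back. Returns (kind, parameters)."""
    u = urlparse(callback_url)
    query = {k: v[0] for k, v in parse_qs(u.query).items()}
    fragment = {k: v[0] for k, v in parse_qs(u.fragment).items()}
    if "error" in query:
        return "error", query
    if fragment.get("id_token") or fragment.get("access_token"):
        # Implicit grant: tokens exposed in the URL fragment. Works for a test,
        # but this is the flow to leave disabled in Allowed OAuth Flows.
        return "tokens_in_fragment", fragment
    if "code" in query:
        # Reject a code that was not produced by the request this session started.
        if not secrets.compare_digest(query.get("state", ""), expected_state):
            return "state_mismatch", query
        return "code", query
    return "unrecognised", query


def token_request(domain, client_id, client_secret, redirect_uri, code, code_verifier):
    """The POST that redeems the code at Cognito's token endpoint (not sent here).
    Returns (url, headers, form_body). Cognito takes the client secret as HTTP Basic."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode("ascii")).decode("ascii")
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "code": code,
        "redirect_uri": redirect_uri,       # same value as in the authorize request
        "code_verifier": code_verifier,     # proves this client started the flow
    })
    return f"https://{domain}/oauth2/token", headers, body


if __name__ == "__main__":
    verifier, state = new_verifier(), secrets.token_urlsafe(16)
    print(build_login_url("myuserpool.auth.us-east-1.amazoncognito.com", "CLIENT_ID",
                          "https://app.example.com/callback", state, verifier))
```

The state check is what turns "I was redirected with a code" into "I was redirected with the code I asked for": without it an attacker can hand a victim a callback URL carrying the attacker's code and log the victim into the attacker's account. The PKCE verifier serves the same purpose on the token endpoint side, and Cognito accepts it alongside the client secret.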


Conclusion

In essence, our skilled Support Engineers at Bobcares demonstrated how to set up Okta as an OpenID Connect identity provider.
