
Okta Integration


This document walks you through the steps to create and configure an Okta application that Stemma can use to authenticate users.


Note: You must be an Okta administrator to do this.


Steps

  1. Log in to the Okta admin portal.
  2. In the left frame, select Applications.
  3. Select Create App Integration.
  4. Select the options for OIDC – OpenID Connect and Web Application.
  5. In the New Web App Integration, enter the following values:
    • App Integration Name: Your app name; we suggest Stemma Data Catalog
    • Grant Type: select the following:
      • Authorization code
      • Client Credentials (Client acting on behalf of itself)
      • Refresh token
    • Sign-in redirect URI:
      • Use the fully qualified hostname and add the endpoint:
        • /auth
        • If you are running a hosted version of Stemma, this should be: https://<customer>.stemma.ai/auth, where <customer> should be replaced with your company name
    • Sign-out redirect URI:
      • This should be the base Stemma URL. Example: https://<customer>.stemma.ai
    • Trusted Origin:
      • If you are self-hosting Okta, provide the Base URI for your Okta Sign domain; otherwise, leave this blank
    • Assignments:
      • Select the assignment access you would like within your organization
  6. Stemma requires access to certain Okta APIs to retrieve user information from your organization’s directory.
    • Navigate to Okta API Scopes.
    • Make sure to grant permission for the following scopes:
      • okta.users.read
      • okta.users.read.self
  7. Provide the following values to Stemma by email or Slack so that authentication can be built into your Stemma deployment:
    • Okta Discovery endpoint (well-known configs)
    • Client ID
    • Client Secret
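
A pre-flight check for the values gathered in the steps above, written as an added example that is not part of Stemma's or Okta's own documentation. The function name `check_handoff` and the `example` tenant names are assumptions, and the discovery document is assumed to have been fetched already and parsed into a dict.

```python
from urllib.parse import urlsplit

# Grant types the page says to select, as they appear in OIDC metadata.
REQUIRED_GRANTS = {"authorization_code", "client_credentials", "refresh_token"}
WELL_KNOWN = "/.well-known/openid-configuration"


def check_handoff(discovery_url, discovery_doc, redirect_uri, signout_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []

    # OIDC Discovery: the document lives at <issuer>/.well-known/openid-configuration
    # and its "issuer" must equal the issuer the URL was built from.
    issuer = discovery_doc.get("issuer", "")
    if not discovery_url.startswith("https://"):
        problems.append("discovery endpoint is not https")
    if discovery_url != issuer.rstrip("/") + WELL_KNOWN:
        problems.append("issuer in document does not match discovery URL")

    # If the field is absent, OIDC Discovery defines the default used below.
    grants = set(discovery_doc.get("grant_types_supported",
                                   ["authorization_code", "implicit"]))
    for g in sorted(REQUIRED_GRANTS - grants):
        problems.append(f"grant type not advertised: {g}")

    r, s = urlsplit(redirect_uri), urlsplit(signout_uri)
    if r.scheme != "https" or s.scheme != "https":
        problems.append("redirect URIs must use https")
    if r.path != "/auth" or r.query or r.fragment:
        problems.append("sign-in redirect URI must be exactly <base>/auth")
    if "*" in redirect_uri or "*" in signout_uri:
        problems.append("redirect URI contains a wildcard")
    if s.path not in ("", "/") or s.query or s.fragment:
        problems.append("sign-out redirect URI must be the base Stemma URL")
    if r.netloc.lower() != s.netloc.lower():
        problems.append("sign-in and sign-out URIs are on different hosts")
    return problems


# Constructed sample values (placeholder tenant "example", not from the page).
SAMPLE_URL = "https://example.okta.com" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://example.okta.com",
    "grant_types_supported": ["authorization_code", "refresh_token",
                              "client_credentials", "implicit"],
}

if __name__ == "__main__":
    print(check_handoff(SAMPLE_URL, SAMPLE_DOC,
                        "https://example.stemma.ai/auth",
                        "https://example.stemma.ai"))
```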
