Okta Integration
This document walks you through the steps to create and configure an Okta application that Stemma can use to authenticate users.
Note: You must be an Okta administrator to do this.
Steps
- Log in to the Okta admin portal
- In the left frame, select Applications:

- Select Create App Integration:

- Select the options for OIDC – OpenID Connect and Web Application.

- In the New Web App Integration, enter the following values:
  - App Integration Name: Your app name. We suggest Stemma Data Catalog.
  - Grant Type: select the following:
    - Authorization code
    - Client Credentials (Client acting on behalf of itself)
    - Refresh token
  - Sign-in redirect URI:
    - Use the fully qualified hostname and add the endpoint /auth
    - If you are running a hosted version of Stemma, this should be https://<customer>.stemma.ai/auth, where <customer> should be replaced with your company name
  - Sign-out redirect URI: This should be the base Stemma URL. Example: https://<customer>.stemma.ai
  - Trusted Origin:
    - If you are self-hosting Okta, provide the Base URI for your Okta Sign domain; otherwise, leave this blank
  - Assignments:
    - Select the assignment access you would like within your organization


- Stemma requires access to certain Okta APIs to retrieve user information from your organization’s directory.
- Navigate to Okta API Scopes:

- Make sure to grant permission for the following scopes:
  - okta.users.read
  - okta.users.read.self

- Provide the following values to Stemma by email or Slack so that authentication can be built into your Stemma deployment:
  - Okta Discovery endpoint (well-known configs)
  - Client ID
  - Client Secret
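
A pre-flight check for the values configured above, as an added example (not Stemma's or Okta's own code): it verifies that a saved copy of the discovery document has an issuer matching its URL, HTTPS endpoints and the three grant types from this page, and that the redirect URIs follow the layout described in the steps. The function names are hypothetical, and example.okta.com and the sample document are constructed placeholders.

```python
from urllib.parse import urlsplit

# Grant types this page says to enable, as spelled in OIDC metadata.
REQUIRED_GRANTS = {"authorization_code", "client_credentials", "refresh_token"}
ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
SUFFIX = "/.well-known/openid-configuration"

# Constructed sample values; example.okta.com is a placeholder domain.
SAMPLE_URL = "https://example.okta.com/.well-known/openid-configuration"
SAMPLE_DOC = {
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
    "grant_types_supported": ["authorization_code", "refresh_token"],
}


def check_discovery(discovery_url, doc):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    # OIDC Discovery: issuer must equal the fetch URL minus the suffix.
    if not discovery_url.endswith(SUFFIX):
        problems.append("discovery URL does not end with " + SUFFIX)
    elif doc.get("issuer") != discovery_url[: -len(SUFFIX)]:
        problems.append("issuer does not match discovery URL")
    for key in ENDPOINT_KEYS:
        if urlsplit(str(doc.get(key, ""))).scheme != "https":
            problems.append(key + " is missing or not https")
    missing = REQUIRED_GRANTS - set(doc.get("grant_types_supported", []))
    if missing:
        problems.append("grant types not offered: " + ", ".join(sorted(missing)))
    return problems


def check_redirect_uris(sign_in, sign_out):
    """Check the sign-in and sign-out URIs against the layout on this page."""
    problems = []
    si, so = urlsplit(sign_in), urlsplit(sign_out)
    if si.scheme != "https" or so.scheme != "https":
        problems.append("redirect URIs must use https")
    if si.path != "/auth" or si.query or si.fragment or "*" in sign_in:
        problems.append("sign-in redirect URI must be exactly <base>/auth")
    if so.path not in ("", "/") or so.hostname != si.hostname:
        problems.append("sign-out redirect URI must be the same host's base URL")
    return problems
```

With the sample document, check_discovery(SAMPLE_URL, SAMPLE_DOC) reports that client_credentials is not offered, which is the kind of mismatch worth catching before handing the endpoint over.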
