Okta
Authentication Setup
Okta Configuration
-
Navigate to applications in your Okta dashboard.
-
Select
Create App Integration, and create a new Web application with OIDC Sign-in.
-
Under Sign-in redirect URIs, add the following URLs:
- For ingress setup:
https://<YOUR-SCALEOPS-DASHBOARD-URL>/auth/callback - For port forwarding without ingress:
http://localhost:8080/auth/callback
- For ingress setup:
-
Allow grant type
Refresh token.
-
Save the configuration and note the
Client ID,Client SecretandIssuer URLfor the ScaleOps configuration.
ScaleOps Configuration
Add the following helm values to your helm values.yml file:
authProvider:
provider: okta
okta:
clientID: <CLIENT-ID>
issuerUrl: <ISSUER-URL>
clientSecret: <CLIENT-SECRET>PKCE Setup (Optional) Available in v1.24.3+
Okta Configuration
Under “General” tab, “Client Credentials” section, check the Require PKCE as additional verification checkbox.
ScaleOps Configuration
Enable PKCE in ScaleOps by adding the following helm values to your helm values.yml file:
authProvider:
provider: okta
okta:
pkce:
enabled: true
clientID: <CLIENT-ID>
issuerUrl: <ISSUER-URL>
clientSecret: <CLIENT-SECRET>
groupsClaim: <JWT-CLAIM-NAME-TO-USE>Groups Setup (Optional)
Okta Configuration
If you need to retrieve both Active Directory groups and Okta-native groups in your OpenID Connect claims, see Okta’s documentation .
Define a group in your Okta integration.
- Assign a role to this group.
- ScaleOps determines the group based on the claims in your JWT access token.
ScaleOps Configuration
Add the following helm values to your helm values.yml file:
authProvider:
provider: okta
authorization:
enabled: true
okta:
clientID: <CLIENT-ID>
issuerUrl: <ISSUER-URL>
clientSecret: <CLIENT-SECRET>
groupsClaim: <JWT-CLAIM-NAME-TO-USE>