Set Up OIDC Authentication (Okta)

1. Set up OIDC as an authentication type in the Cloud Identity Engine.

   1. Select AuthenticationAuthentication TypesAdd New Authentication Type.
   2. Set Up the OIDC authentication type.

   3. Enter a unique and descriptive Authentication Type Name for your OIDC configuration.

   4. Copy the Callback URL/ Redirect URL.

2. Configure Okta to use OIDC with the Cloud Identity Engine.

   1. Sign in to Okta.

   2. Select ApplicationsApplications.

   3. Click Create App Integration.

   4. Select OIDC - OpenID Connect as the Sign-in method and Web Application as the Application Type then click Next.

   5. Enter an App integration name.

   6. Click Add URI and enter the information you copied in step 1.

   7. Select the Controlled Access you want to allow then click Save.

3. Obtain the information you need to complete your OIDC Okta configuration.

   1. Copy the Client ID.

   2. Copy the Secret.

      The secret for Okta does not expire.

4. Complete and submit the OIDC configuration.

   1. Enter the App integration name you entered in Okta in step 2 as the Client Name.

   2. Enter the Client ID you copied from Okta in step 3.

   3. Enter the Secret you copied from Okta in step 3 as the Client Secret.

   4. Enter the domain name URL for your Okta IdP as the Issuer URL.

   5. (Optional) If you have your Endpoint URL, enter it here. If not, continue to the next step (the Cloud Identity Engine populates the Endpoint URL automatically after you successfully test the connection).

   6. Click Test Connection and log in to confirm that the Cloud Identity Engine can reach your Okta IdP using OIDC.

      If you did not enter the OIDC Issuer URL in the previous step, the Cloud Identity Engine automatically populates the information.

   7. After confirming that the connection is successful, Submit the configuration.

      You can now use OIDC as an authentication type when you Set Up an Authentication Profile.