USER DOCUMENTATION
Okta
- Step 1: Create a new OAuth 2.0 Client ID in Okta
- Step 2: Configure Your App in Keboola
- Step 3: Configure the Authentication Method for Your App
- Step 4: Configure Your App’s Consent Screen in Okta
- Step 5: Deploy Your App in Keboola
- Step 6: Test Your App
This document will guide you through the steps needed to set up the OpenID Connect (OIDC) protocol for Keboola apps, specifically for use on Okta.
Step 1: Create a new OAuth 2.0 Client ID in Okta
Follow these steps to create a new OAuth 2.0 client ID in Okta:
- Go to the Okta Admin Console.
- Click Applications and then click Applications again.
- Click Create App Integration.
- Select OIDC - OpenID Connect as the sign-in method.
- Choose Web application as the application type.
- Give your web app integration a name, for example, “Streamlit OIDC Demo”.
- You do not have your sign-in redirect URI yet; you’ll need to create an app in Keboola first.
- Click Save to finish.
Step 2: Configure Your App in Keboola
Follow these steps to set up a new app in Keboola:
- Go to your Keboola project.
- Click Apps.
- Create a new app by clicking the green + button.
- Give your app a name and click Create App to create the app.
Step 3: Configure the Authentication Method for Your App
Follow these steps to set up the authentication method for your app:
- Go to the newly created app.
- Click the Information & Settings tab.
- Under Authentication, select OIDC and then Generic OIDC.
- Copy the client ID from your Okta application to the Client ID field in Keboola.
- Copy the client secret from your Okta application to the Client secret field in Keboola.
- In the Issuer URL field, enter
https://<yourOktaOrg>.okta.com/oauth2/default. This is the correct issuer URL for Okta OIDC setup. - Click Save to apply the changes.
Step 4: Configure Your App’s Consent Screen in Okta
Follow these steps to set up your app’s consent screen in Okta:
- Go to the Okta Admin Console and open your web app integration.
- Enter the sign-in redirect URIs back to your app.
Make sure to add/_proxy/callbackto the end of your redirect URL.
This is how Keboola will send the authentication response to your app. The format of the redirect URL is as follows:https://<dataAppId>.hub.<keboolaConnectionHost>/_proxy/callback(e.g.,https://okta-oidc-data-app-1234567890.hub.north-europe.azure.keboola.com/_proxy/callback). - Click Save to finish.
Step 5: Deploy Your App in Keboola
Follow these steps to deploy your app in Keboola:
- In your app in Keboola, click the Deploy App tab.
- Select the Code or GitHub deployment type, and add the code for your application.
- Click the green Deploy App button to deploy the application.
Step 6: Test Your App
Follow these steps to test your new app:
- Go to the app’s URL.
- You should be redirected to the Okta consent screen.
- Log in with your Okta account to verify your identity.
- The app should display its content.