Okta Configuration

Overview

This guide provides specific configuration details for using Okta as your Identity Provider with the User Tasks Proxy.

Configuration Example

ut-config/oidc-properties.yaml
com:
  c4-soft:
    springaddons:
      oidc:
        ops:
          - iss: https://your-okta-domain.okta.com/oauth2/default
            username-claim: preferred_username
            authorities:
              - path: $.realm_access.roles
              - path: $.resource_access.*.roles
            vendor: okta
            tenant-id: <your-tenant-id>
            client-id-claim: cid
            clients:
              - <your-client>

Configuration Fields Explained

  • iss: Your Okta authorization server URL. Format: https://<okta-domain>/oauth2/default
  • username-claim: In Okta, this is typically preferred_username
  • authorities: Configuration for role/authority mapping
    • Defines JSON paths to extract role information from the token
  • vendor: Should be set to okta
  • tenant-id: This is your LittleHorse tenant ID
  • client-id-claim: Use cid (Client ID) for Okta
  • clients: List of authorized client IDs that can access the User Tasks Proxy
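
How the fields above line up with a token's claims, as an added Python illustration (not the User Tasks Proxy's own code). It assumes the token's signature, expiry and audience were already verified; the client ID example-client, the helper names and the sample claims are constructed.

```python
# Added illustration, not the proxy's code: how the ops fields map to claims.
# Placeholder values and all sample claims below are constructed.
OP = {
    "iss": "https://your-okta-domain.okta.com/oauth2/default",
    "username-claim": "preferred_username",
    "authorities": ["$.realm_access.roles", "$.resource_access.*.roles"],
    "client-id-claim": "cid",
    "clients": ["example-client"],  # stands in for <your-client>
}

def resolve(claims, path):
    """Resolve the JSONPath subset used above: $.a.b and $.a.*.b."""
    nodes = [claims]
    for key in path.split(".")[1:]:  # skip the leading "$"
        nxt = []
        for node in nodes:
            if not isinstance(node, dict):
                continue  # path does not exist in this token: no roles
            if key == "*":
                nxt.extend(node.values())
            elif key in node:
                nxt.append(node[key])
        nodes = nxt
    out = []
    for n in nodes:
        out.extend(n if isinstance(n, list) else [n])
    return out

def evaluate(claims, op=OP):
    """Return (username, sorted roles); raise ValueError on any mismatch."""
    if claims.get("iss") != op["iss"]:
        raise ValueError("issuer mismatch")
    if claims.get(op["client-id-claim"]) not in op["clients"]:
        raise ValueError("client not allowed")
    username = claims.get(op["username-claim"])
    if not username:
        raise ValueError("missing username claim")
    roles = {r for p in op["authorities"] for r in resolve(claims, p)}
    return username, sorted(roles)

SAMPLE = {  # constructed decoded access-token payload
    "iss": "https://your-okta-domain.okta.com/oauth2/default",
    "cid": "example-client",
    "preferred_username": "alice@example.com",
    "realm_access": {"roles": ["admin"]},
    "resource_access": {"app-a": {"roles": ["viewer"]},
                        "app-b": {"roles": ["admin"]}},
}
```

A token whose cid is missing or not listed under clients is rejected before any role is read, and a token lacking the configured role paths yields an empty authority list rather than an error.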

Setting Up Okta

TODO

Additional Resources