OpenID Connect - Okta Integration Guide
This document will guide you through the process of integrating Freja’s OpenID Connect identity provider as an IdP with Okta. Thereafter, you can use the rules engine in Okta to trigger authentication with Freja subject to your business needs.
This integration guide is largely based on the Add an external Identity Provider article from Okta.
Registering with Freja
To start with, follow the generic OpenID Connect Integration Guide to submit your company name, logo, text description and service URL to Freja. The redirectUri that you also need to provide takes one of the following two forms, depending on your Okta configuration:
If your Okta subdomain is called company, then the URL would be:
https://company.okta.com/oauth2/v1/authorize/callback
If, on the other hand, you have configured a custom domain in your Okta Org, use that value to construct your redirect URI, for example:
https://login.company.com/oauth2/v1/authorize/callback
In return, you will receive a client ID and client secret that you will use later.
Create an Identity Provider in Okta
From the Developer Console, hover over Users and then select Social & Identity Providers from the menu that appears. If you are using the Admin Console (Classic UI), hover over Security and then select Identity Providers.
See the Identity Providers API for request and response examples of creating an Identity Provider in Okta using the API.
Select Add Identity Provider and then select the OpenID Connect Identity Provider.
In the Add an Identity Provider dialog box, define the following:
Name: Freja eID OIDC IdP
Client Id: the client ID value you received above
Client secret: the client secret value you received above
Scopes: select email, openid and profile
The values of Issuer, Authorization endpoint, Token endpoint, JWKS endpoint and Userinfo endpoint differ depending on whether you are configuring against the Freja eID test or production environment; please consult the table below:
Parameter | Value for Freja OIDC Test environment | Value for Freja OIDC Production environment
--- | --- | ---
Issuer | |
Authorization endpoint | |
Token endpoint | |
JWKS endpoint | |
Userinfo endpoint | |
Click Add Identity Provider.
Locate the Identity Provider that you just added and click the arrow next to the Identity Provider name to expand.
Copy both the Authorize URL and the Redirect URI. Paste into a text editor for use in upcoming steps.
Next, follow the instructions in Register an App in Okta to test authentication through the newly created Freja OIDC IdP with one or more of the apps you use with Okta.
Freja intrinsically provides two-factor authentication, so you will not need to configure this separately in Okta.
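As an added example (not part of Freja's or Okta's documentation), the following Python script derives the redirectUri for either Okta domain form described under Registering with Freja, and maps an OIDC discovery document onto the five Okta IdP fields from the table above, refusing a mismatched issuer or any non-HTTPS endpoint. The discovery document and its host are constructed placeholders, not Freja's real endpoints; substitute the values from the table.

```python
"""Pre-flight checks for the Okta <-> Freja OIDC IdP settings.
Added example; the discovery document below is CONSTRUCTED with a
placeholder host, not Freja's real test or production endpoints."""
import json
from urllib.parse import urlsplit

# Constructed sample OIDC discovery document (placeholder issuer).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://oidc.freja-placeholder.example",
  "authorization_endpoint": "https://oidc.freja-placeholder.example/authorize",
  "token_endpoint": "https://oidc.freja-placeholder.example/token",
  "jwks_uri": "https://oidc.freja-placeholder.example/jwks",
  "userinfo_endpoint": "https://oidc.freja-placeholder.example/userinfo"
}""")

# Okta "Add an Identity Provider" field -> OIDC discovery document key.
OKTA_FIELDS = {
    "Issuer": "issuer",
    "Authorization endpoint": "authorization_endpoint",
    "Token endpoint": "token_endpoint",
    "JWKS endpoint": "jwks_uri",
    "Userinfo endpoint": "userinfo_endpoint",
}

def okta_redirect_uri(okta_subdomain=None, custom_domain=None):
    """Return the exact redirectUri to register with Freja for this org."""
    host = custom_domain if custom_domain else f"{okta_subdomain}.okta.com"
    return f"https://{host}/oauth2/v1/authorize/callback"

def okta_idp_fields(discovery, expected_issuer):
    """Map a discovery document onto the five Okta IdP fields. An issuer
    that is not the one you expect means Okta would trust the wrong
    provider; a non-HTTPS endpoint exposes codes, tokens and keys."""
    if discovery["issuer"] != expected_issuer:
        raise ValueError(f"issuer mismatch: {discovery['issuer']!r}")
    fields = {}
    for okta_name, key in OKTA_FIELDS.items():
        url = discovery[key]
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{okta_name} must be an https URL: {url!r}")
        fields[okta_name] = url
    return fields

if __name__ == "__main__":
    print(okta_redirect_uri(okta_subdomain="company"))
    print(okta_redirect_uri(custom_domain="login.company.com"))
    print(json.dumps(okta_idp_fields(SAMPLE_DISCOVERY, SAMPLE_DISCOVERY["issuer"]), indent=2))
```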