OpenID Connect - Okta Integration Guide

Owned by Aleksandar Laban
Jul 10, 2023
2 min read

This document will guide you through the process of integrating Freja’s OpenID Connect identity provider as an IdP with Okta. Thereafter, you can use the rules engine in Okta to trigger authentication with Freja subject to your business needs.

This integration guide is largely based on Add an external Identity Provider article from Okta.

Registering with Freja

To start with, follow the generic OpenID Connect Integration Guide to submit your company name, logo, text description and service URL to Freja. With respect to the redirectUri that you also need to provide, subject to your Okta configuration it may take one of the following two forms:

  1. If your Okta subdomain is called company, then the URL would be: https://company.okta.com/oauth2/v1/authorize/callback.

  2. If, on the other hand, you have configured a custom domain in your Okta Org, use that value to construct your redirect URI, such as https://login.company.com/oauth2/v1/authorize/callback.

In return, you will receive a client ID and client secret that you will use later.

Create an Identity Provider in Okta

  1. From the Developer Console, hover over Users and then select Social & Identity Providers from the menu that appears. If you are using the Admin Console (Classic UI), hover over Security and then select Identity Providers.

See the Identity Providers API for request and response examples of creating an Identity Provider in Okta using the API.

  1. Select Add Identity Provider and then select the OpenID Connect Identity Provider.

  2. In the Add an Identity Provider dialog box, define the following:

    • Name: Freja eID OIDC IdP

    • Client Id: the client ID value you received above

    • Client secret: the client secret value you received above

    • Scopes: select email, openid and profile

    • The values of Issuer, Authorization endpoint, Token endpoint, JWKS endpoint and Userinfo endpoint will vary depending on whther you are configuring to Freja eID in test or production, please consult the table below:

Parameter

Value for Freja OIDC Test environment

Value for Freja OIDC Production environment

Issuer

https://oidc-ct.test.frejaeid.com/oidc/

https://oidc.prod.frejaeid.com/oidc/

Authorization endpoint

https://oidc-ct.test.frejaeid.com/oidc/authorize

https://oidc.prod.frejaeid.com/oidc/authorize

Token endpoint

https://oidc-ct.test.frejaeid.com/oidc/token

https://oidc.prod.frejaeid.com/oidc/token

JWKS endpoint

https://oidc-ct.test.frejaeid.com/oidc/jwk

https://oidc.prod.frejaeid.com/oidc/jwk

Userinfo endpoint

https://oidc-ct.test.frejaeid.com/oidc/userinfo

https://oidc.prod.frejaeid.com/oidc/userinfo

  1. Click Add Identity Provider

  2. Locate the Identity Provider that you just added and click the arrow next to the Identity Provider name to expand.

  3. Copy both the Authorize URL and the Redirect URI. Paste into a text editor for use in upcoming steps.

Hereafter, please follow the instructions in Register an App in Okta to test the authentication using the created Freja OIDC IdP with one or more apps that you use with Okta.

Freja intrinsically provides two-factor authentication so you will not need to configure this separately with Okta.