How to Set Up an Okta Directory

This procedure describes how to set up an Okta directory with AtScale.

Okta API

First, you need an API Token from Okta.

Go to the API admin page and create a token.

Save the token: 00KJn9Ob8PgQXl24e7ii7qzOqpHAUuEOAeVb-0rOEB

Then follow the next steps.

Mkjwk

Generate an RSA Key for your host machine. Go to https://mkjwk.org/

Set Key Size = 2048

Key Use = Signature

Algorithm = RS256: RSA

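Key ID: can be any random number, but using the Okta API token ID is recommended: 00KJn9Ob8PgQXl24e7ii7qzOqpHAUuEOAeVb-0rOEB

Save the public key. The output shown below is the complete keypair: d, p, q, dp, dq and qi are the private members, and the public key consists of kty, e, use, kid, alg and n.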

{

    "p": "5Jy6OSKMXSQ80jrtPcU9of7r_Kluh6zWsI-4tTE3J8m6fXOd_6QiZPkmGbhOG6Y7X-DOBa8aAn9msF72hzvYqeyHTuKitldJisaVVkkLksi0DOUZSqTuOCNg34iDFkR3RWGTOQCdcAxhRmiIiJKmr1Q8HGFs7SyKvtZfdNnHzNc",

    "kty": "RSA",

    "q": "yJyfBjTHR9pbB9hEhLHK6HTxOHELgVWtgchp3aasxoGtsEOKdsRTJXW3odhqKhxlUq0ERal95PczBiInCCnEWFWKN-MmsTed34h8pn4mAQ55EnT3YSOWM1POIZYMfEHdoczmudMQldCm4Ir-V735QVIUIA180k3WrnBjlExc2gU",

    "d": "cPehLfJsa55tOxFCKS4RbJHgdipS-VgC6ZYdY3qwKE3Drnk8L2OnYBXzWEio8eAdIHxYc_mtlWnFn1rGRAZSqAoUAEjdd4Cq9hCJt9RMcET0WAQRbySUt9t10i6Uu3fjDZsfj7H5ZN6XLvMpuQFbu0w48iRq_Mlw5D2J640b9reQaqJGKbF6L4YYj8MTt0vCBKcJ2z7FemllFKWgGcJ4Rke9Ls_UsO8SJhK_3ajOg5u8BAVVjxw4jV7xlbsi5MTlfKd7bGyh7wgBhAjO2dgPyBuMx4xZSmNFEJSa_VDSS1lJ6aKedQBfzJ9dl9xZpZA0fPhy96n6NnX5oj6ifasv0Q",

    "e": "AQAB",

    "use": "sig",

    "kid": "00pvjiD_KE65lyJsLxmclkAcOAK4OH4_ozGAgBut0y",

    "qi": "ywkCM6V7Usl27Rq61qnCbsKUJ8buwDReG0eW1XzCSOshpv3MiuNqFYJAsQrm298hPRlMb4qbRGvENITd0ZPMZUGmF-eZBmVElbDD9yfZJwr2KB2_2GRu27E1BLrmRC42qnaKRL40rDGx_h_c0CsEEK6Jeorwm3eqN0Jy0HhAHDA",

    "dp": "cfn5lja1SFKiyCV81kkaG0PfH87RPm9bcheVfTCWUQ3wHk-gPC32v-S_rB8JQhu0im6oCIluLEScS95shqu9r6ovI5M2kDYggkHTfntYe8v4iF1IKMDly7NHvupugJGN7VdicQ7vb0ecz9-aAo0q8UrL1VJ1XiHQ4qg6WyWgyW0",

    "alg": "RS256",

    "dq": "b7prBvXWFzqRgGj-oDi1HYoj3p93HO0u2R1ZeM0fZN9McOLs9wCYnkBVqZnyZsmx1L3vpyyipSbYEA5tVqqMY_YgKMgmAIVNM_W8Fq4jVGtPGuxx6nP7b1K5dxMumPXGDhskVVIr5oRyrJQ823k-nRathrx8TFR1wGlvzGRLQlE",

    "n": "syZPAQBGW-vikoGmMVXpPqxRE2gQkydcxL-U6rQJ-sJDmPOXCrDi_rtr9jZliJk5gJ9VB5ubV_9Gg7NerxbTRuI6kQJ58A5JqK1Zg9J7v2-FFFVYsKi3cEkIbCk5j5uv5mrNjkzxu5YSZS9-CY8QUh2vrrW7sWFUDAhdH-vTxOgct20mSi3xcVHdgYTQcUG2kstYYKQjdLbEQNXNQUokih8j7mur32HsPcKy6GDUdnW6pIbqTbB-rA6fzIiYWpK6L9AJgP1EsVIwia-fNK76yMNsKOx8sjUmUeohLrDF9CkA0hrmAGkIKV6X9i2FhpEcQT9TBQcSmb0x6ISl1poWMw"

}

Register the AtScale Host

The next step is to register your AtScale host with Okta. Replace the highlighted text with your own values.

SSWS: the Okta API token

client_name: any name you want to register in Okta

jwks: the key you copied as your public key

The URL at the end of the command is your Okta host.

curl -X POST \
    -H 'Accept: application/json' \
    -H "Authorization: SSWS 00KJn9Ob8PgQXl24e7ii7qzOqpHAUuEOAeVb-0rOEB" \
    -H 'Content-Type: application/json' \
    -d '{
        "client_name": "Atscale",
        "response_types": [
            "token"
        ],
        "grant_types": [
            "client_credentials"
        ],
        "token_endpoint_auth_method": "private_key_jwt",
        "application_type": "service",
        "jwks": {
            "keys": [
                {
                    "kty": "RSA",
                    "e": "AQAB",
                    "use": "sig",
                    "kid": "00VrgGMh-ocQh-w69xaR5_woYC1Kqkl918J6uFS-iN",
                    "alg": "RS256",
                    "n": "nMClux6l6Q2wOrTOBz4B4-z5ZvITIjSad8b2QywBUbfV6twjYg3Hr1XI5__imc8UsEzQDAaoG2CCey8Hxdk302W5oUuVs-hxodN1izWlQQhN6F9XFXwXms0wPCce5w-lIujQG-VWO0b0AA-e-7u3STCvc5pyEHgfE4Z3dt-Hd1omDZ6CsX2RTSrKDNuymsc9uYvWIcLv6wtIH7Z3MRY0mLrDkb4YFcwd-SFKVP-U3-mqj5ic_lfhE6zQOBkdkr0pqMmVywJG58Da4beKW594r4ROhaeLtruuFjvX36gzCiFWOvp-gboX-1TZZgrBRChio-Zf38XB3CIXB9mm3-noAw"
                }
            ]
        }
    }' "https://piiglobal.okta.com/oauth2/v1/clients"

Okta then returns the registered client, including its client_id.

{

  "client_id": "0oa6e19sumF7pQCav4x7",

  "client_id_issued_at": 1646239742,

  "client_name": "AtScale Client",

  "client_uri": null,

  "logo_uri": null,

  "redirect_uris": [],

  "response_types": [

    "token"

  ],

  "grant_types": [

    "client_credentials"

  ],

  "jwks": {

    "keys": [

      {

        "kty": "RSA",

        "alg": "RS256",

        "kid": "00pvjiD_KE65lyJsLxmclkAcOAK4OH4_ozGAgBut0y",

        "use": "sig",

        "e": "AQAB",

        "n": "syZPAQBGW-vikoGmMVXpPqxRE2gQkydcxL-U6rQJ-sJDmPOXCrDi_rtr9jZliJk5gJ9VB5ubV_9Gg7NerxbTRuI6kQJ58A5JqK1Zg9J7v2-FFFVYsKi3cEkIbCk5j5uv5mrNjkzxu5YSZS9-CY8QUh2vrrW7sWFUDAhdH-vTxOgct20mSi3xcVHdgYTQcUG2kstYYKQjdLbEQNXNQUokih8j7mur32HsPcKy6GDUdnW6pIbqTbB-rA6fzIiYWpK6L9AJgP1EsVIwia-fNK76yMNsKOx8sjUmUeohLrDF9CkA0hrmAGkIKV6X9i2FhpEcQT9TBQcSmb0x6ISl1poWMw"

      }

    ]

  },

  "token_endpoint_auth_method": "private_key_jwt",

  "application_type": "service"

}
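The registration body and a check on Okta's reply, as an added Python example that is not part of the original article: it strips the private members from the saved keypair before building the jwks entry, then confirms that the key Okta returns is the same public key. The function names and the sample keypair are assumptions constructed for illustration.

```python
import json

# Private RSA members of a JWK (RFC 7518); these must stay on the host.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}


def public_jwk(keypair: dict) -> dict:
    """Return a copy of an RSA JWK with every private member removed."""
    if keypair.get("kty") != "RSA":
        raise ValueError("expected an RSA JWK")
    pub = {k: v for k, v in keypair.items() if k not in PRIVATE_MEMBERS}
    if not {"n", "e"}.issubset(pub):
        raise ValueError("JWK is missing the public modulus or exponent")
    return pub


def registration_body(client_name: str, keypair: dict) -> str:
    """Build the JSON body for the /oauth2/v1/clients request shown above."""
    body = {
        "client_name": client_name,
        "response_types": ["token"],
        "grant_types": ["client_credentials"],
        "token_endpoint_auth_method": "private_key_jwt",
        "application_type": "service",
        "jwks": {"keys": [public_jwk(keypair)]},
    }
    return json.dumps(body, indent=2)


def response_matches_key(response: dict, keypair: dict) -> bool:
    """True if the reply lists exactly our public key and no private members."""
    keys = response.get("jwks", {}).get("keys", [])
    if len(keys) != 1 or PRIVATE_MEMBERS & keys[0].keys():
        return False
    want = public_jwk(keypair)
    return all(keys[0].get(f) == want.get(f) for f in ("kty", "kid", "n", "e"))


# Constructed sample keypair: short placeholder values, not a usable key.
SAMPLE_KEYPAIR = {
    "kty": "RSA", "use": "sig", "alg": "RS256", "kid": "example-kid",
    "n": "c2FtcGxlLW1vZHVsdXM", "e": "AQAB",
    "d": "c2FtcGxlLXByaXZhdGU", "p": "cA", "q": "cQ",
    "dp": "ZHA", "dq": "ZHE", "qi": "cWk",
}
```

Pass the output of registration_body to curl with -d @file, and run response_matches_key on the parsed reply before entering the client ID in AtScale.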

Register Okta

The next step is to enter your public and private keypair, together with the client ID, in the AtScale UI.

To AtScale

Okta Authorization

The next step is to authorize the application in Okta for users.

Assign users/groups to the application that you registered.

Then allow the application to read roles in Okta, under Okta API Scopes.

Grant okta.apps.read, okta.groups.read and okta.users.read.

The last step is to verify the connection and assign AtScale roles to the group.
