This procedure describes how to set up an Okta directory with AtScale.
Okta API
First, you need an API Token from Okta.
Go to the API admin and Create a Token.
Save the token: 00KJn9Ob8PgQXl24e7ii7qzOqpHAUuEOAeVb-0rOEB
Then follow the next steps.
Mkjwk
Generate an RSA Key for your host machine. Go to https://mkjwk.org/
Set Key Size = 2048
Key Use = Signature
Algorithm = RS256: RSA
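Key ID: can be any random number, but it is recommended to use the Okta API Token ID --> 00KJn9Ob8PgQXl24e7ii7qzOqpHAUuEOAeVb-0rOEB
Save the Public key. The JWK shown here is the full key pair: its d, p, q, dp, dq and qi members are private, and the public key consists only of kty, e, use, kid, alg and n.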
{
"p": "5Jy6OSKMXSQ80jrtPcU9of7r_Kluh6zWsI-4tTE3J8m6fXOd_6QiZPkmGbhOG6Y7X-DOBa8aAn9msF72hzvYqeyHTuKitldJisaVVkkLksi0DOUZSqTuOCNg34iDFkR3RWGTOQCdcAxhRmiIiJKmr1Q8HGFs7SyKvtZfdNnHzNc",
"kty": "RSA",
"q": "yJyfBjTHR9pbB9hEhLHK6HTxOHELgVWtgchp3aasxoGtsEOKdsRTJXW3odhqKhxlUq0ERal95PczBiInCCnEWFWKN-MmsTed34h8pn4mAQ55EnT3YSOWM1POIZYMfEHdoczmudMQldCm4Ir-V735QVIUIA180k3WrnBjlExc2gU",
"d": "cPehLfJsa55tOxFCKS4RbJHgdipS-VgC6ZYdY3qwKE3Drnk8L2OnYBXzWEio8eAdIHxYc_mtlWnFn1rGRAZSqAoUAEjdd4Cq9hCJt9RMcET0WAQRbySUt9t10i6Uu3fjDZsfj7H5ZN6XLvMpuQFbu0w48iRq_Mlw5D2J640b9reQaqJGKbF6L4YYj8MTt0vCBKcJ2z7FemllFKWgGcJ4Rke9Ls_UsO8SJhK_3ajOg5u8BAVVjxw4jV7xlbsi5MTlfKd7bGyh7wgBhAjO2dgPyBuMx4xZSmNFEJSa_VDSS1lJ6aKedQBfzJ9dl9xZpZA0fPhy96n6NnX5oj6ifasv0Q",
"e": "AQAB",
"use": "sig",
"kid": "00pvjiD_KE65lyJsLxmclkAcOAK4OH4_ozGAgBut0y",
"qi": "ywkCM6V7Usl27Rq61qnCbsKUJ8buwDReG0eW1XzCSOshpv3MiuNqFYJAsQrm298hPRlMb4qbRGvENITd0ZPMZUGmF-eZBmVElbDD9yfZJwr2KB2_2GRu27E1BLrmRC42qnaKRL40rDGx_h_c0CsEEK6Jeorwm3eqN0Jy0HhAHDA",
"dp": "cfn5lja1SFKiyCV81kkaG0PfH87RPm9bcheVfTCWUQ3wHk-gPC32v-S_rB8JQhu0im6oCIluLEScS95shqu9r6ovI5M2kDYggkHTfntYe8v4iF1IKMDly7NHvupugJGN7VdicQ7vb0ecz9-aAo0q8UrL1VJ1XiHQ4qg6WyWgyW0",
"alg": "RS256",
"dq": "b7prBvXWFzqRgGj-oDi1HYoj3p93HO0u2R1ZeM0fZN9McOLs9wCYnkBVqZnyZsmx1L3vpyyipSbYEA5tVqqMY_YgKMgmAIVNM_W8Fq4jVGtPGuxx6nP7b1K5dxMumPXGDhskVVIr5oRyrJQ823k-nRathrx8TFR1wGlvzGRLQlE",
"n": "syZPAQBGW-vikoGmMVXpPqxRE2gQkydcxL-U6rQJ-sJDmPOXCrDi_rtr9jZliJk5gJ9VB5ubV_9Gg7NerxbTRuI6kQJ58A5JqK1Zg9J7v2-FFFVYsKi3cEkIbCk5j5uv5mrNjkzxu5YSZS9-CY8QUh2vrrW7sWFUDAhdH-vTxOgct20mSi3xcVHdgYTQcUG2kstYYKQjdLbEQNXNQUokih8j7mur32HsPcKy6GDUdnW6pIbqTbB-rA6fzIiYWpK6L9AJgP1EsVIwia-fNK76yMNsKOx8sjUmUeohLrDF9CkA0hrmAGkIKV6X9i2FhpEcQT9TBQcSmb0x6ISl1poWMw"
}
Register the AtScale Host
The next step is to register your AtScale host with Okta. Replace the following values with your own:
SSWS -> Okta Token
Client Name: any value you want to register to Okta
jwks: the key you copied as your public key
The URL at the end of the command is the Okta host entry.
curl -X POST \
-H 'Accept: application/json' \
-H "Authorization: SSWS 00KJn9Ob8PgQXl24e7ii7qzOqpHAUuEOAeVb-0rOEB" \
-H 'Content-Type: application/json' \
-d ' {
"client_name": "Atscale",
"response_types": [
"token"
],
"grant_types": [
"client_credentials"
],
"token_endpoint_auth_method": "private_key_jwt",
"application_type": "service",
"jwks": {
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "00VrgGMh-ocQh-w69xaR5_woYC1Kqkl918J6uFS-iN",
"alg": "RS256",
"n": "nMClux6l6Q2wOrTOBz4B4-z5ZvITIjSad8b2QywBUbfV6twjYg3Hr1XI5__imc8UsEzQDAaoG2CCey8Hxdk302W5oUuVs-hxodN1izWlQQhN6F9XFXwXms0wPCce5w-lIujQG-VWO0b0AA-e-7u3STCvc5pyEHgfE4Z3dt-Hd1omDZ6CsX2RTSrKDNuymsc9uYvWIcLv6wtIH7Z3MRY0mLrDkb4YFcwd-SFKVP-U3-mqj5ic_lfhE6zQOBkdkr0pqMmVywJG58Da4beKW594r4ROhaeLtruuFjvX36gzCiFWOvp-gboX-1TZZgrBRChio-Zf38XB3CIXB9mm3-noAw"
}
]
}
}' "https://piiglobal.okta.com/oauth2/v1/clients"
Okta will then return a value.
{
"client_id": "0oa6e19sumF7pQCav4x7",
"client_id_issued_at": 1646239742,
"client_name": "AtScale Client",
"client_uri": null,
"logo_uri": null,
"redirect_uris": [],
"response_types": [
"token"
],
"grant_types": [
"client_credentials"
],
"jwks": {
"keys": [
{
"kty": "RSA",
"alg": "RS256",
"kid": "00pvjiD_KE65lyJsLxmclkAcOAK4OH4_ozGAgBut0y",
"use": "sig",
"e": "AQAB",
"n": "syZPAQBGW-vikoGmMVXpPqxRE2gQkydcxL-U6rQJ-sJDmPOXCrDi_rtr9jZliJk5gJ9VB5ubV_9Gg7NerxbTRuI6kQJ58A5JqK1Zg9J7v2-FFFVYsKi3cEkIbCk5j5uv5mrNjkzxu5YSZS9-CY8QUh2vrrW7sWFUDAhdH-vTxOgct20mSi3xcVHdgYTQcUG2kstYYKQjdLbEQNXNQUokih8j7mur32HsPcKy6GDUdnW6pIbqTbB-rA6fzIiYWpK6L9AJgP1EsVIwia-fNK76yMNsKOx8sjUmUeohLrDF9CkA0hrmAGkIKV6X9i2FhpEcQT9TBQcSmb0x6ISl1poWMw"
}
]
},
"token_endpoint_auth_method": "private_key_jwt",
"application_type": "service"
}
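The following is an added example, not part of the original procedure or of AtScale's or Okta's code. It strips the private members from a mkjwk key pair before building the registration body used in the curl call above, and checks that the key Okta returns is the public half of the key pair you kept. The function names and the toy key are assumptions made for the illustration.

```python
import base64, json

PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}  # RSA private JWK parameters (RFC 7518)

def b64u_to_int(s):
    """Decode a base64url JWK integer (JWKs omit the '=' padding)."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")

def int_to_b64u(i):
    """Encode an integer the way JWK members such as n and e are encoded."""
    raw = i.to_bytes(max(1, (i.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def public_jwk(keypair):
    """Return a copy of the JWK with every private RSA parameter removed."""
    return {k: v for k, v in keypair.items() if k not in PRIVATE_MEMBERS}

def registration_body(client_name, keypair):
    """Build the JSON body for POST /oauth2/v1/clients, as in the curl call."""
    return {
        "client_name": client_name,
        "response_types": ["token"],
        "grant_types": ["client_credentials"],
        "token_endpoint_auth_method": "private_key_jwt",
        "application_type": "service",
        "jwks": {"keys": [public_jwk(keypair)]},
    }

def registered_key_matches(keypair, okta_response):
    """True if the response carries the public half of the key pair we hold."""
    n, e = b64u_to_int(keypair["n"]), b64u_to_int(keypair["e"])
    if b64u_to_int(keypair["p"]) * b64u_to_int(keypair["q"]) != n:
        return False  # the key pair itself is inconsistent
    return any(
        k.get("kid") == keypair["kid"]
        and b64u_to_int(k["n"]) == n and b64u_to_int(k["e"]) == e
        for k in okta_response.get("jwks", {}).get("keys", [])
    )

# Constructed toy key (p=61, q=53): far too small for real use, demo only.
TOY = {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "demo-kid",
       "e": int_to_b64u(17), "n": int_to_b64u(61 * 53), "d": int_to_b64u(2753),
       "p": int_to_b64u(61), "q": int_to_b64u(53)}

if __name__ == "__main__":
    body = registration_body("AtScale", TOY)
    print(json.dumps(body, indent=2))         # contains no d, p, q, dp, dq, qi
    print(registered_key_matches(TOY, body))  # body stands in for Okta's response
```

With a real key, load the saved key pair and Okta's JSON response with json.load and pass them to registered_key_matches before entering the key pair in the AtScale UI.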
Register Okta
The next step is to register the value of your Public and Private Keypair in the AtScale UI, together with the client ID.
To AtScale
Okta Authorization
The next step is to authorize the application in Okta for users.
Assign users/groups to the application that you registered.
Next, allow the application to read roles in Okta -> Okta API Scopes.
Grant okta.apps.read, okta.groups.read and okta.users.read.
The last step is to verify the connection and assign AtScale roles to the group.