Okta
Sean McIlvenna edited this page Dec 9, 2019
Create an application for ToF with the following:
- Application Type: Single Page Application
- Redirect URIs
  - /login (ex: https://trifolia-fhir-dev.lantanagroup.com/login)
  - /silent-refresh.html (ex: https://trifolia-fhir-dev.lantanagroup.com/silent-refresh.html)
- Post Logout URI
  - /login (ex: https://trifolia-fhir-dev.lantanagroup.com/login)
- Assign user(s) to the newly created ToF application (see the "Add User" steps below for creating users)
Configure the following ToF auth settings with values from the Okta application:
- auth.clientId = Okta application's "Client ID"
- auth.domain = <the publicly available URL of the ToF app>
- auth.scope = openid profile name email roles
- auth.secret = [Not required. Okta uses Proof Key for Code Exchange (PKCE) instead of a client secret]
- auth.issuer = <Okta URL>/oauth2/default
- auth.jwksUri = <Okta URL>/oauth2/default/v1/keys
Add User:
- From the Okta admin console, click "Directory"
- Click "Add Person"
- Enter the user details
- Click "Save"
Assign user(s) to the application:
- From the Okta admin console, click "Applications" > "Applications"
- Choose the application to add user(s) to
- Click "Assignments"
- Click the "Assign" button and choose the "Assign to People" option
- Search for the user(s) and click the "Assign" button next to the username
- Click "Done" when completed
An administrator role can be assigned to users so that they are recognized as administrative users. To add the role to a user:
- From the Okta admin console, click "Security" > "Administrators"
- Click the "Add Administrator" button
- In the pop-up window, type the user's name or ID in the "Grant administrator role to" field
- Choose the required administrator roles from the "Administrator Roles" field
Have Okta return the roles in the ID token:
- From the Okta admin console, click "Security" > "API"
- Click the default (or choose the intended) Authorization Server
- Click the "Scopes" tab
- Add a new scope called "roles"
- Make sure "Include in public metadata" is checked