From eaa2a0d04da479397b550c54b84bc950a4ab7a14 Mon Sep 17 00:00:00 2001 From: Usama Ahmad <96994784+usama9500@users.noreply.github.com> Date: Tue, 31 Dec 2024 19:23:31 +0500 Subject: [PATCH] Okta configuration (#2199) * Okta configuration * fix build issues and errors --------- Co-authored-by: Kevin Burnett <18027+burnettk@users.noreply.github.com> --- .../images/okta_config.png | Bin 0 -> 13428 bytes .../okta_config.md | 84 ++++++++++++++++++ docs/index.md | 1 + 3 files changed, 85 insertions(+) create mode 100644 docs/DevOps_installation_integration/images/okta_config.png create mode 100644 docs/DevOps_installation_integration/okta_config.md diff --git a/docs/DevOps_installation_integration/images/okta_config.png b/docs/DevOps_installation_integration/images/okta_config.png new file mode 100644 index 0000000000000000000000000000000000000000..a622d8929366927a6bd1f0fa5e2f53267ea47da1 GIT binary patch literal 13428 zcmdVBcQ~8>|1Yje(Wp_aQL8#=YXnuBpj5rBPNG(=qV}Fis->tAt2R+us#TlBjJ-Ft zM@j81NJ7N9y+7aU{B^E#&hPif@B04!;F9Z(B=_rn-H-W9_!B+NOBb(Qq@tp_r1e<+ z85PyJ72xk(`U}8sD$1>O;P*L?XPRnMg?&7$zylgvRb5posuCoKY(Wb=W^jFM=WI%(ljq#wHG7D3|B} z6pjRSC_0`TBfvJ-t24*eCy&!luxd)gc3ax{@2gU-`^bSSEmHu30vFn_dO#9U_E&%_~S z($Q|mBk#HLI<)5Q6w=_=tB}>%)4>A9TT?Ai#=VcS96P< zrldjI7oR_qT99vf@!~}?#0!}MLDZAL#+5yNXvYc5#d*yc3{yjOi%Un0z!EY|9;FPc zw&vWJt{SGff|#>+rC%Q}$q9)~JhUun@C&^4YwD=-A>;h+`?Y~D4@0V5^=rjglIB6> zeHjX&z?y&5iWi*liY?Sm5=&%e!5X8TznIo|vp-6IW>C$dHWDH;cOuWob7}-dudWwU zip)cMjr)Uxl|yCFfxPft*KZ8_qsV%OIhc<`n`yIf6LV)rQh4db{V17PPXEJ=6v#32 z%a<>uS@kpIE3Oad{N;!3#~S@iuX!0New~_r1h|qtn-(p&>zC|}D;>F<>q&1w5g|9c z72J3&*+pMjQ_`fJx{gh{X6pie@zFCU-tmihvo&2s%X+wORO?%kVf8EV;=`}`5Wmtp zq?2ugi-oX3!JS|~c`&lFIa_07MpEw;`oJlav&l3oA9V0|7VOR2(5+Hj#l9dg0!JAZ znK>aZV)S?G_T&dL(}(NpU0Kz_KE6|_A-0k6BZQ?nD|Lg8d8#l;1sdpPaI2G)+d_-D!>EV{M~!k=^QYFE z+m-}|g`M(h;>kj03?zcKkRkS9hK-D2Z|6`m0o!8?&`oubUhAV1RV->!G&I%A9T&^8 z<(5R0oz=)K*|_;wA*?td`|4?}dX`)F`@Slx5)bUb`q-4qq-r4C$|4;9sr8Px!ljZd z(-_O?ehpc6aWM8p@|coei-j9^t1q8@i-rB}+FRA6YV+AG%*l>-=X^pr9srlc?WsAVK~vPpK4j_dyMj#k)|7m+jB115?^As zwh9zRTRmQ8IJ98C#^vcGvO@H)B|oz$(O7lOFmaIp`L{)KEgdQjg*6W?{608)hTU{| zEX2J*@^FSK6l20~(dqxKA|BY6NtVXbwc>|Uw)Ik{Nn>PTa&{Ok>}Z{T@2(iw=Bgb+ zD=cT+cv|d-&R<7eA(ZO<{P@h}e$8ke3ABqtJ4xkk(4lSlgSt9KG1+(_{Yt4$G^P`q zYdcVa@iqM?WYFNRR)%kMt^49X5#3Ex68OFN{;VMXV%e<1mZ)9wjA@d$YZz`*hceQ< z9(Tx?D%rrnTMqJCx+d*1>*)8yc5XC!o!)-)Rxrx}ZO~RG+bcxoMt=fCj_5=rjrXf< z(?thAeg5+q8pH2f(6u1*?{@l#`X76A{(Y3gqNVUcmR^;Un2XO|(Ct$d(ko;+xAar4lP(TN|`Q==c8zEh(z zMnm0b9r^ttfbWK&|3Y$Wvwv~^Co4laiyD2b>a76)?$s~Es(^rJaj8>_2D7MHv-~$d zc=x9YP6W;{N+~3UB%|d82vc;+X9NmwMAUMt>P6L4^@BX(VP7RtSdoVvCqrS3yb#n|R3qa&%{f`=btMu5PJ3Zo43@HwMy{! zt2blcjpm0q!*@AvBZ>?o^KKRa8!mNj6FukbHD8^plj0se&boz5FYb&NGJhuRv`%_9 zrW9}pC6zPVllkV~%&v~)$F~ac!c7bbTQeX$8{7w=8N0!3jV~tcxFK(=w#X7Wu@o@j zGGxuQo!4hvX>~9sbkmom@4z?n{+pgV(**Rae>WNPrfIn+#menua{32+@w4GYFAm+b zX(bV?%J5STu$ki)?D%jZxbfXYtzQ{QBI|mlD{=94_R1UNnhI6mMo+rjFb%&p8DQe2cFT8x=f0@XhavV?o(gxPyY5B=GH8bNp&%|4 ztM+KouRaU%abtCaS%=l{5g;cK6Fr_xk>embKJh^{s1mQG;Xhebd_~I`H(V3tdz- z6DUObn=^Ef7?G>H#g}NFwYt;%@lx66*NTt1paqO|xTE0nWcL9sqhF=ez@k_R$98Im zx#Qvyj0QXd+s6m%wwCYh&cP;e?e-|&1%|R1EpAXb&UwfegXDm-Zdt}$5b#!1^7U`S z{b~I0i^*r!FOSq50j{^hCGKkTER<61?yh8iTEV>bt+R~t()sjsgM%$J?{idxo0A)# zNs&1RWwsCFf|>uQ=0CZAFlLTEmI@^9G?D+>53PMbf!uh6>fv37&D|P~b-It)xNq;m zgq%eNGTZPUEWOxtk^f$0D_U{Px%Hsmx52~W;_v!8yO|xmYM}R@ti(97mcCr!Q4So3 z-yXODBL3YjFsT}Ga%kj4UtL+$i88<(^ zWn-_)cCoZ8Wn<=uy3M`ULAxe#luhxJSzlZfsmwD-upY@QXwNTGan)|fid8bPL#Q|P z4Z3TdOJb1)>BVm)ax;B8^`Ls`$2C!9+Dp2+}{XB^ALyrGau7RQI1 zeyG>Wf2(Y|6KnN*$xAZW5{dJXTy1)$*Wo6iw<0@#8Kal_#hT?OaR4dtfT=5&8Ugwy9A&K6Put;N9YLC5Mk}N@c#B3 zR{YT!pRxm(3c~^-_)B(n6Ir_iKx_c-=(z8z)PF4kB^bX=mlSM|=1qgt&@U5jrYHDK zIiW+4%13uz7#Muaf1dX$Q>9LkFOo-2(s8zSVlql;X<7w3R}TZNn)E0+18(CYDeoIcw!rnSePcRRT9KOL zt(yKL{u4HBrbJQWHz!w0przK~2Zjr6R!w-Sg2^h6rfi6UupJ#n&XjH@2@edX>A()xQ?KIgmhi{sJStZC|OFu?%;NU}a*EdEc()trEw&!1fbaMYD|yUHkrCfI%y6-8A0s zBr+`k>)`BhbHEHdxiA~BT|wNgBV=y=sc@c|WLHB#7wufMG%n$ zzR?5D-hRKz$SXg>PB#*<--4SSrmA7#Y5BsWwNTzyU{v;_LV=nWRTj|L^g*L@7uUXN z_GBp!1y4l^sFOMmR`(dB*v^AJiT7`#e3PGW#x$rmG*}L_v1<&y7gU@Tgai_cPuk)y zV(tCvC`aoW!=OQyai+uN(y(^~w*oUnqwuWcqvRmWZnWOBC#F|mfmEa4BI;c};NK@2 zr;EI26+H4!=U;e~`IYy<+ZPtB=g@QTfFHEFB^DHeToa+@D(5_!7mu{K!!p=#jj zbJJ?iyU^TyMCOB=>BQsvE63Z|xq^R=;1WS?7jKL1USQ&}gEyp200Qi16w>$HS`3|4 z+srP;)vYzoTZW}AIZIiDO7YSY$bv#Wd zXeFoePBzcv5C^TAb&$!N=(e_{SBQ*0%nNnFq5`Jy8Pi$27H1arF>Z9MboBI76hnb? z3#PvKj@!@5l3mfQk0XYF;)`dq11@soTFW)(dm<(nalnuXAOzKiRsMfscWP7+#Q9K* z{gpwBg_dv&0Ob7USl;v`$NHFd)%xL^s=e0tY}KsOKpbMh6J@r>5c6u!{EYK3Uw~|u z^xOfM6nFj8KsIVlmbCe2WxC2kHsH{4HV^(aN~3`0}mR1Ae&o4+7%g$9y#;?tF$?GEOC;ctPS~w zJ+fZ0dN+6O{DokEmeLw-5;2|JXQ|dIr%;X0wlpL(u&C~EvMG5S7c5{cmm8BDMhv`gnG;UgDNco&%g%0n-Qx5Y|h})FmFv zdd4m35X5X@-t#;?_M~;1t{lBg%1Hk6rET8~;^stIUN7_JWQDNKWTwzqV_lXGszXT> z-lMsdJJaz&GL(_aa`*Zn0v9FI1O8}w4lCnQcaTW>e0c?W%aqZ6YHOy3V{)`vNI%nY zG42!q!d|39b^(Mu&m7{rv)2utdcZdJ>rc&gy}}upZFvM1G34-Jc9B!ofD840!bD)f zj+q7gdX?s8I=#GJSkrg33b+=hOzbJ;Sab$Pn6V|WV?HXwj-VMQ*V1J#dF}3`Iaha1 zzORjES0Y>&ORA2c+f;|_C_=^C38H=H;|Ni%d)ENJEdbs|qi4L+ek1+$(xf-zYOkq@ z740#2=6|jWZ50-GzD4|lOP2TgLF!GHyI){dH#yCCU68iv%=p0_QSA}u1PWM*|Rz})V`T#vj7*ZJ$K{5R;e+{rOP2C}AFW#95Xh`WTU z4f^us=ik4Jaz>yLQx>hCu37+EZAlQ~J$UB>nbmghkb#HQjQ}__N0au0sHyJo^eNwzGXy*(pYNY@9yc$W^(XuCd9jMwsN%dOB4}j~Q4bsvMK8xYwRz1)iyF}& z1E|7sz>yd%c}N+MY!$AdQX=o@g+!MztSc_qlhH{5XM_;2vc3v+dtJhn9agG_sN+Xw z`^MAdq%+^Sg`(`|8SrPhnDmJrm{1nk>^P>S0-yQqwsJT<`@#xy*J8>YXNE2gJjDc^ zxyGwVeR?$$t>R~}`Q(;kk@yB+YxYXkM{?rfB}2B6n1S{dduWGz z0@7U3JMNZ{lg}|HUIID{jp%ORH9k^47Y8x$o;EuR@r?*PCUl8L=^WV3>VOP#QtgSn zo7K4^FIlm~3N4%)gQiF=TqLu2((-XX%%(7>x1)J#5FZ{sH9i$m$*UZQsrUr}35wQ) znt3~t{Ew28%=|l#Li=-CzEI3AwAfquhzz&|67(y%yzm$?PfT55IbEWh+jovc5txv@ zYP_JCqwj>h(-pR)btfI3BCth8l?!xW7Z!o1_NI2de+Vbe)8UOP-oC7my>vTCpG4!| z6wL5j{!Tod@WUOg5GGpBX9nay8Sl^gY|ttD6*t-Joi`X#@ZJzdvlw19nACZ^Z=MB_ zEO}2bg3AEmA-qIm#i{`zz;4X3(j3Y>1@^Ow65N%7*6wB}V~DL*LRuwS3U>z{L{(rI z3pmm5w0r=I39bLzAI#%2VOiy$0z{l8-jVnP86%&f_|v$|>guWPAV4-unPuXMik4P< zH~2uPaw%ukVQ*)RpgFowNz*X9w66_c89W{HhnZR;rVi&r`K3Wo($KYPZ#YW-t9@5=@kVJ>|?I3{l4b^~0e~^R8CN zGF^dLiTK*Rfr25UnVsoK@?HHf;Y;!C{Vgl)1*0?m`^w$#4&hy&W{=&RXj6YV@4ev> zHLss0TQ2N7ib^geo5b}u4PP&WxI_!JeN_=^f8|J`GX4^b@0M-(gvZSCWkMpZwXCMO z)R&O8+7AY$|8kEd%~{XX=~1*ZM}E%`12W5b;mWZ$c>s%1R>3^Rn>Q~fj%NWC7@EU= zclod7=k=h7nMuuFd(%nl)^T~g^n`UCHanU>qsA^3AyPvUSUZ4yg zvtMKKzb^OwPc~Tc;_1n!Q@j11`~BnC=YLPd@!OYAB3#tMmZE50g+(@DZ|@^$I}r~S zAXnX@u`Jo7n?dZ^tg25)kdDCcF#U5!LIf5gN|FSe1;L*JezwaWQHZ4+HOVBHCR+t9 zAp+w+o=3A}`w9H#zW|r%;7lR7kZ%j0WGk)%dt3}ordJLO&fylcIxCdCYd-cmQ{-#V(|xirFBWk|5U zKr5A2lc0hZT_8^Nce+eo6i8JDR^S>d&1WYk5!-t1jrZIU;HIdn8*_EKaPT#gCTk{Z)W=Mo7D!@xz0C{Q-HpM@4tDt z{$EwV*9~f2WuV?=0#av2Ku2~Tzxlv*|IJ_1BuPL^x&oRKIGfcMFJBs+9_GA2y>Pn#G<)7JvjilY+&7fyGCpNZCIV z(3Ly|%4m)uXF%(b6(jfj_g5_JHKVRw<@5U+3&iB>;x=7ZKt9lSCWw=RFE4)@SOBb; zn77;tUREKQ+#Fkj?;hZ}(J39$`}RkV83{#z9u-Uu4w(C<9|g$BE&R@WGl)QH<8~>p zN4w6et=C{yUH0v>utSi5gEgDg2vRFZeS7=wqE+x-C=+k$BqD^xFthZcr${lB9m)x4 zvvQ9nlRK`suCxzu9y@ zqCZpVP#d<;dF77FM5)aZpQQC;RWhzxZkMLBMG>g5J@k{s1ox$h<|{8HR+v707}IbM`>(ADp&aKTHQqXJ8YiBU;sLrG5$CZZtMkZ_i#lH4kr&9i=B7iL`77tfEnUa&nE<}2 zisAIn2j(7KicT@J(tb<^o3|Wos=r>QV$~D#Fj2dv;&Mw+n*7RQdG15NBBLmAfz~*7 zsgpsUHw*P6K!{W;9DGwV8fyLp;>)+sb@Wdvih#vn*@^&nvJ~A7++9!Mz+i)pn9dVu z1>n8&52r;lMUw4`;S)D*W$G&eu^z)rjSqUc)De6>o@JD_f9NqTk-9&0H>Y5+J1GtI zFvZ^f`*{nq!;aXS+_wf49R$IM!=Assy${A-u$ffeFB!=Pd0i+(1Gdb74nAA}i`89W zt_^7Lut9{rS8mm#CwvazBHTTaB&1N1rP)^;_63eY+Xa}nb0U$J@L5B*_|fJC$`-&1 zcOW)bSE`?-$vlBw{-n{Le;1a&)8>2pnPHNHJz77`{y-nk)*JeapseL|O!&MttQOX- z8Gm_YvLUTdF{xYrEFdy^s^!25(l*IhnFR@0re^$GGxnbQZw`TXYgFRIn7I@XvA26dm`O1oyGXumN=jvyok4oVu{y!hSGCBYf=B_mjIDWYw?NDRlmy|Z`m7t$x z-=X^9LP%Fv7XZvb0~HQq#lT(*v?Hwo2srC?7vRqBnp8f(mDg-UfCTHzPmjhd01)^c z4WaBJNt|j4bn0(`j#Ik-`V+u^8J{(x%H_3ynGphFGeLxbf;0ByFq>K(4j5WV!a{3A zGazpaSvCMWJnnV>Fy;L9zMs%~&U<1Vz{W2>a=-HP;Wc>1*Q#kebE;}xheCbjlFC*p zAZO_JLO>jQwjA7(hTdUTK#b8_D%b}&MvlpHdn6t3$W&z{HHdz%L&-b51Rvl0S6vY0je%O+LR{ z<<2wmIw_K^O;&f36vMP(uYp7%L7L`#Zy45&Yoi&X6{EB6#J-rjz%B%Y+%g zL7NY`?9gG8%F%?0a*Anzi|^cmGB9Q|MsCsA!r-FcTB;#D8^2t#M+2w-iraf_q;oP+ zV%y$w-d&&pd8~Cb-yF)J4h$)EhLm`diEelgMFdup^EQCdjK5x0Tr9#;s-t=VTnsU* z^PfmQ)KE9kY@<|+nK|I%{cm;SCX=7jKaAlDB@QxgS1t45eM)qeS|5~jtM~z6A_2(~ z+sZ{bj~6#aTOJ&&-$DtY0wp(qPIS`ih+GEH@D2cX?0bjD`%7sqAA#z40tQq|G8gA1 z5@zZG2x_KW{4IEgi1sm{Xn68dvFveS<|5mQFLl!mn~(rtuu4IwhxTLR`xq*=%gZs+ zL2g##OH`G<#REZlIzo$&oxcH@aQ3TIfJ0NJ@N;Fh$dhOM;P&P_{UK4|@qG+#Gd%K= zi|3nKsSbjG!L1=RWl!;@pdFxFPg8JaThqCg)hELAPV${^{pX~8JX7QjAQ*<5vJj_~ zCC%jJUhuAV(8~qOp5VqCA)-QrfQ4|OJ&7XaIKtg6nJs<-WGj|1fnjc?&KQ;HaKSJ2 zE*(3C`szG*Y!)0c;#uM||> zgK%GeC;7T5ScV0j9E|<$3f!z1yXa-%d_ydPe#uKcGbAKQ)A!W`^uUhVBCKdG37W-a zPIN1Bh__|${9P7E9c3q9P~Z!XyQ0$2A9Cqa>pAC0A4g6_-{KSZ`$jhI9<|TqzPece zGc2r}1+cX=5d|@%_*^z}eX01p^~-iu*`H6KRqo$@ZSZWrjy8XoE;O&xm&yP0wJ%`# zMT-DAGm)i>$CLAge>%0FEI2HT&9oBns8bUbE2hdTtZyMGaSJu&rQf0G{PW9#)IG{3;hOj!iKXMFId$Ze19VguaX8$g0Hoc9LEm5hN11=wkBr#e% z!s(y|N(~6kaz_FI1SG{=WFWX~s>#G-Im74UnGGZ3O0O&1qVE~;Sq6Vz@v0`w2J}Wf zet0*?TV`xEA`D|{Ikcu-TTX1HNo~F4fj!@3^s`bhbsp3PE&m~Xy%zj0MS}|E`2e1lDN$8t9mlBGSDS!4Zj%Foe!^qm z=iJLeX{6&%P9s-U{fF>JS%SPB=zw98XHd`Lie7_+j! zQkO67Dp{(+00?_a9W^DoG5#JHN^*k@b>SxN;{`_VUpGq+;Pbk=V#)6L3Z|s*(tef_ z99f#Y5gF)_ar{~Ka%)-SPOTye9bf#QFXH=?p7)1)Z`029SydpA<>urJt=4$1TK2ow zo^Q7d7B5}<`{**#AP=a3lz?1w)0ZGNK67q5rpF_UOTi++I_IQ zzGd0cpCuOujv%S~JWx9x);Fra_ke%R-P(>NKxRGb4n~c2U10(mspa*J;N^X~g1fu? zoX-{6z9BvME$1UO?m9OUxi-KEQukXtBjqbDJ)o`bVGIUI|7EV7Fo&2M!e_H*t5AGq zybS00VwtTzRG+=1w6t45W~+!@OXShhH?RD9R3W5J{fqWyaFWga7i2|t?S7DtM9`z@ zA+sOaKf$Z4ugO(xto*g{#MP!E$?B? zu>$k7@Z73ajx?+wxBh9GqPqRt;g4c(k^(Y=s%M+q>X(7WhwX*V$fwV9G5&*SC8h1P zVvXK1UnWHUrMIctRtt)07j^&1ayaiIe^fS;d+}gdKK0s>!iu)VvxcDsUMi8fav$C` zwdb4My_e?V>Ru72<|v6i;lf&FKqUf<{>feczn%AOxxJ&Wkvg2mop$3a8u%{MuYBy- zxqTBq$VvJA74Z#;NN7Yz;vlb27QqM!$RFb#q8kx=?ZRoF1PRZNRg7Nd$irQCF71&b zF3ar_P^17@(HKxw^)kaLc$9Wl_v6CN+XHH0KS8HSF_%IR;abYAdwYnK)zis1gac`} zoj>gf-rnH!AO2HzJiZ@-20xB%YrQJ7+JQPHWst8KruSi$Ka1S&1dh2__G2>+T!+X9 zMTm-1`VKM-d&)y7W$-3kK65e5|-hay`;nVT>>m_N6%?VIMxY7Jzz=)iaH zi(b$7Cnb=L2fady^mfl(QJ!RRv8fq&W?rwcd3r3*Zm0Zm)p$br)ZJ;TodXkQY;2NM zRS8`ojnkS#af+1UkC?r`lcqq6WtVwfIS{XSSG+_87k#Q(9q}2I+>9Rw`j@3r#Uv%a zy|15fsK}@gfZi*X=t@)qU{;nEzl7m1#iD4uA23R_k+zTyIUKk8t^E6Lp-5H0*}jm{ zXF(CyHS53ef;{&ErUN0VM6DpR;@3e=Ay!W9l#0b}FjfS*^X@^$beEp{ZJKMur81Yg zvga&_w~|iUW+q(j1kJP0R==b3d0X!0h*-=nA>8i*H^Oj26iD=L&YtPd=h!GlVETaG zJaAWoBEm~Ei?2N1Z>wOL4N85!W8rJl*av0k~W`6X9k$o^d4dm^LNth z?Dc1_H}QP?zG~d4hXYrBbLm|V-K__Skuj`*-{L(COOQTUw^1$c!sm-kgtyC$N zv7&xT4CE(&POd?S=v4p59CNrWwGwPLi4-FYx}mTdZe@UcDCd@I2A{$DVkBiOQt+2C z@JZFMrC=bedn9;wAgoh}4*LtO((iZZ%XvDLV=-PN+)FLQ++@*EqzuBQ!=?852}aNg z$^zE@R^NH#%a9-(1cU?=_u^_@_j#TN_d2)QI zUOi-%cI@_1+cdr7t64MVf+q!rOnVKdoy%hIKPV@^wapj^+>KPCLg4cFdc6`0Tk0+j zm_xG@kPcwyxiVPB^gpK>g&Ch1@ zCAbBMQ6Tm5Sx%VpRi&NoeO%j3eRhtO)0+8mqY&hhI#4@2kH)F-fF%8H(O!!f2`Si% z*xs0s9lh&@tCiE-=P7zF8C|36*n72U5?x>FOD}nlOX+@=nP%n2F}VC*#p6We%J|(s zGIs~e>W>?(svL5i)ue9!yCZ-sK6n{#b?SGQaem>p1Wn;Rq3m}rBfWSco~5d=(RFhT ziP&|`8x!?E93Y60!8}n&&E0_ugM?WQIAr+-E-ZvVl?{9Ow|%+nK)> zAbW#9it#v)-|BaDvsha~mwC#TOYQr!&RHy0JxEmOkA!I}_Hk#LpMcryE75M}r=~v$ z20Fw4Ztv1j*6v4WXHtf^###@2PjJh<4F^iZIZY>SlxrqhL2Lj?MuA223&SOE4`f#X zUrx!6%}1&zoXTfVY@uF$Rw>IPJnybXe4b=sd5W&oo;RMhcS)Ank8-Fh5iPv%?@D!I zKSVRnZ8_=O`LJ98Z6lk7OA5>~aj1>({(qT5w9p(OPFFNlfwT|!PRu}T{zK|tKuZZc hu-+yPVoxD^btSLAvS_IR-xQ+K($G^cRD1pYe*hvrh;je` literal 0 HcmV?d00001 diff --git a/docs/DevOps_installation_integration/okta_config.md b/docs/DevOps_installation_integration/okta_config.md new file mode 100644 index 000000000..ee8511c3b --- /dev/null +++ b/docs/DevOps_installation_integration/okta_config.md @@ -0,0 +1,84 @@ +# Configuring Okta as an OpenID Provider +This guide provides steps to configure Okta as an OpenID Provider (alternative to Keycloak) for SpiffWorkflow. + +The setup involves creating an OpenID Connect (OIDC) application, configuring environment variables, and ensuring group information is passed through correctly. + +## **1. Setting Up OpenID Authentication with Okta** + +1. Follow the [Okta App Integration Wizard](https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm) to create an **OpenID Connect (OIDC) Web Application**. + - This step provides you with a **Client ID** and a **Client Secret** key. + +2. **Key Requirements**: + - Obtain the following details: + - OpenID Server URL + - Client ID + - Client Secret Key + +## **2. Configuring Environment Variables in SpiffWorkflow** + +Set the following environment variables on your SpiffWorkflow backend server to connect with your Okta instance: + +```bash +# OpenID Server URL +SPIFFWORKFLOW_BACKEND_OPEN_ID_SERVER_URL= + +# Client ID and Secret Key from Okta +SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_ID= +SPIFFWORKFLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY= + +# OpenID Scopes (includes groups) +SPIFFWORKFLOW_BACKEND_OPENID_SCOPE="openid profile email groups" + +# Allow OpenID Provider to manage user groups +SPIFFWORKFLOW_BACKEND_OPEN_ID_IS_AUTHORITY_FOR_USER_GROUPS: true +``` + +## **3. Adding a Groups Claim for Authorization Server** + +To pass group information to SpiffWorkflow, configure the **Groups Claim** for your OpenID Connect client app in Okta. + +1. Go to **Admin Console > Applications > Applications**. + +2. Select the OpenID Connect client app you created. + +3. Navigate to the **Sign On** tab and click **Edit** under the OpenID Connect ID Token section. + +4. In the Group claim type section, you can select either **Filter** or **Expression**. For this example, leave **Filter** selected. +In the Group claims filter section, leave the default name groups (or add it if the box is empty), and then add the appropriate filter. For this example, select Matches regex and enter .* to return the user's groups. +For the **Group claims filter**: + - Leave the default name `groups` or enter it manually and then add the appropriate filter. + - For this example, Set the filter to `Matches regex` and use `.*` to return all user groups. + + See [Okta Expression Language Group Functions](https://developer.okta.com/docs/reference/okta-expression-language/#group-functions) for more information on expressions. + +5. Click **Save**. + +6. Click **Back to applications**. + +7. Use the **More** dropdown and select **Refresh Application Data** to apply the changes. + +πŸ“˜ **Reference**: [Customize Tokens and Groups Claim](https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/). + +## **4. Passing Through Groups from Active Directory** + +If your organization integrates Active Directory (AD) with Okta, Use the following Okta documentation for guidance: + [Retrieve AD and Okta Groups in OIDC Claims](https://support.okta.com/help/s/article/Can-we-retrieve-both-Active-Directory-and-Okta-groups-in-OpenID-Connect-claims?language=en_US). + +Adjust the configuration to ensure group information is included in the OpenID Connect token passed to SpiffWorkflow. + +## **Example Configuration** + +For one of our users, the following setup was used to pass group information to SpiffWorkflow: + +![image](images/okta_config.png) + +- Environment variables included the OpenID details and group scope. + +- Groups were fetched from Active Directory and passed through to SpiffWorkflow using Okta's configuration tools. + +πŸ“˜ For additional details, refer to Okta’s documentation or the SpiffWorkflow team for troubleshooting. + +πŸ”— **Helpful Links**: +- [Okta App Integration Wizard](https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_oidc.htm) +- [Groups Claim Documentation](https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/) +- [Active Directory Groups in Okta](https://support.okta.com/help/s/article/Can-we-retrieve-both-Active-Directory-and-Okta-groups-in-OpenID-Connect-claims?language=en_US). \ No newline at end of file diff --git a/docs/index.md b/docs/index.md index 25555c0ea..a81ba11a5 100644 --- a/docs/index.md +++ b/docs/index.md @@ -73,6 +73,7 @@ DevOps_installation_integration/Secrets.md DevOps_installation_integration/redis_celery_broker.md DevOps_installation_integration/path_based_routing.md DevOps_installation_integration/process_model_management.md +DevOps_installation_integration/okta_config.md ``` ```{toctree}