Okta Identity Provider Example

This example uses Okta as an OIDC identity provider.

Okta OIDC connection

  1. Get the callback URL from Delinea's Cloud Manager portal following the directions at Authentication:OIDC.
  2. Log in to your Okta Admin console.
  3. From the top menu bar, select Applications.
  4. Select Add Application.
  5. At the top right, select Create New App. A window opens.
  6. For platform, select Web from the drop-down and the OpenID Connect radio button. Click Create.

  7. On the resulting screen, provide an Application name and an optional logo. Enter the Delinea callback URL in the box labeled Login redirect URIs. Click Save.

  8. To the right of General Settings, click Edit. Check the Implicit (Hybrid) box; it expands. Then check Allow ID Token with Implicit grant type. With this grant type Okta returns the ID token to the browser in the fragment of the redirect URI, so keep Login redirect URIs limited to the exact Delinea callback URL.
  9. Okta defaults to copying the Login redirect URI into the Initiate login URI box, so replace the contents of that box with https://portal.thycotic.com. Click Save.
  10. Copy the Client ID and Client secret for entry into the Delinea Cloud portal.

Retrieve the Issuer URL

  11. In the second menu bar from the top, click Sign On. In the third box down, OpenID Connect ID Token, take note of the URL next to Issuer and enter it into the Delinea Cloud portal exactly as shown (the value must match the iss claim of the ID tokens Okta issues). It will be something like https://company.okta.com or https://company.oktapreview.com.

Add Okta Users and Groups to the DSV Application

  12. In the second menu bar from the top, click Assignments.
  13. Click Assign and, from the drop-down, add the users and/or groups that will use DevOps Secrets Vault. You can come back and add or remove people as needed.

Finish the Connection on the Delinea One side

  14. Go back to the Delinea Cloud Manager Portal where we started. Provide a Description and the issuer/provider URL from step 11.
  15. Provide the Client ID and Client Secret from step 10.
  16. Check Enable.
  17. Click Save.

  18. Click Back to Organizations.
  19. Click Credentials.
  20. Click Edit.
  21. In the dialog that appears, to the right of Post-Login Redirect URIs, click the +. In the prompt that appears, type http://localhost:8072/callback.

If you already added this callback for another auth provider, it is still there and you can skip steps 18-21.
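The procedure above wires three values together that must agree exactly: the Issuer URL (step 11), the Client ID (step 10) and the redirect URIs (steps 7 and 21). The following is an added example, written for this page and not code from Delinea or Okta, that shows offline what a relying party checks on the other side of that configuration: that the OIDC discovery document's issuer is byte-for-byte the configured Issuer URL, that the implicit grant delivers the ID token in the URL fragment of the callback, and that the token's iss, aud, exp and nonce claims match. The issuer https://company.okta.com, the client ID 0oaexampleclientid, the nonce, the state and the token payloads are all constructed assumptions; the token is built with an empty signature segment so the example runs without network access.

```python
"""Offline claim checks for an Okta OIDC integration (added example, not Delinea/Okta code)."""
import base64
import json
import time
from urllib.parse import parse_qs, urlsplit

# Assumed values for this example (not from the page): a production Okta tenant
# and the client ID Okta issued in step 10.
ISSUER = "https://company.okta.com"
CLIENT_ID = "0oaexampleclientid"
# The loopback callback registered for the DSV CLI in step 21 (from the page).
CLI_CALLBACK = "http://localhost:8072/callback"


def check_discovery_issuer(configured_issuer: str, discovery_doc: dict) -> bool:
    """OIDC Discovery requires the "issuer" in .well-known/openid-configuration to be
    exactly the URL entered as Issuer. A stray trailing slash, or the preview tenant
    URL instead of the production one, fails here and would fail the iss check below."""
    return discovery_doc.get("issuer") == configured_issuer


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_token(payload: dict) -> str:
    """Constructed fixture: header.payload with an EMPTY signature segment so the parsing
    path runs offline. Real Okta ID tokens are RS256-signed (see validate_id_token_claims)."""
    header = {"alg": "RS256", "kid": "constructed"}
    return f"{_b64url_encode(header)}.{_b64url_encode(payload)}."


def parse_implicit_callback(url: str) -> dict:
    """With the implicit grant enabled in step 8, Okta delivers id_token (and state) in
    the URL fragment, not the query string. The fragment is never sent to the server
    hosting the redirect URI; only script running on that page can read it."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).fragment).items()}


def id_token_payload(id_token: str) -> dict:
    _header, payload, _signature = id_token.split(".")
    return json.loads(_b64url_decode(payload))


def validate_id_token_claims(payload: dict, issuer: str, client_id: str,
                             expected_nonce: str, now=None) -> list:
    """Return the list of claim problems (empty means acceptable). Only iss, aud, exp and
    nonce are checked here; the RS256 signature must additionally be verified against the
    keys at the discovery document's jwks_uri, which needs network access and is not shown."""
    now = time.time() if now is None else now
    problems = []
    if payload.get("iss") != issuer:
        problems.append(f"iss {payload.get('iss')!r} != configured issuer {issuer!r}")
    aud = payload.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if client_id not in aud_list:
        problems.append("aud does not include this client ID")
    if payload.get("exp", 0) <= now:
        problems.append("token expired")
    if payload.get("nonce") != expected_nonce:
        problems.append("nonce does not match the one sent in the authorize request")
    return problems


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run the checks against constructed inputs and return what each check produced."""
    nonce = "n-0S6_WzA2Mj"  # constructed; in practice a fresh random value per login
    discovery_doc = {"issuer": ISSUER, "jwks_uri": f"{ISSUER}/oauth2/v1/keys"}

    good = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "00uexample",
            "iat": now, "exp": now + 300, "nonce": nonce}
    preview_tenant = dict(good, iss="https://company.oktapreview.com")
    expired = dict(good, exp=now - 1)

    # Constructed callback as the browser would see it after the implicit-grant redirect.
    url = f"{CLI_CALLBACK}#id_token={make_unsigned_token(good)}&state=af0ifjsldkj"
    params = parse_implicit_callback(url)

    return {
        "discovery_ok": check_discovery_issuer(ISSUER, discovery_doc),
        "discovery_trailing_slash": check_discovery_issuer(ISSUER + "/", discovery_doc),
        "callback_state": params["state"],
        "good": validate_id_token_claims(id_token_payload(params["id_token"]),
                                         ISSUER, CLIENT_ID, nonce, now),
        "preview_tenant": validate_id_token_claims(preview_tenant, ISSUER, CLIENT_ID, nonce, now),
        "expired": validate_id_token_claims(expired, ISSUER, CLIENT_ID, nonce, now),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The trailing-slash and preview-tenant cases are the two misconfigurations this procedure most often produces: the Issuer box accepts either string, but only the one Okta itself reports in its discovery document will validate. The state value returned in the fragment should likewise be compared with the one sent in the authorize request before the id_token is used.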