
Okta User Management

Feature

How to integrate OAuth2 Authentication with Germain using Okta.

Configure

In Okta

  1. Sign in to your Okta organization with your administrator account.

  2. In the Admin Console, go to Applications > Applications.

  3. Select the OpenID Connect (OIDC) or OAuth 2.0 app that needs grants added.

  4. Under General Tab, go to Login section.

  5. Modify the Sign-in redirect URIs according to the template below:
    https://<host>:<port>/login/oauth2/code/<client_id>

    Sign-in redirect URIs for OpenID - Germain UX

    ex: http://localhost:8080/login/oauth2/code/0oa7asda8tu9esOGL5d7
    Note: The Client ID can be found in the Client Credentials section on the same tab.

  6. Make a note of the Client ID and Client Secret from the Client Credentials section. These two values are needed when configuring the Germain Authentication Provider.

Client ID Secret and Credentials for OpenID - Germain UX

  7. Under the Sign On tab, go to the OpenID Connect ID Token section and update the Groups claim filter as below. This allows Germain to extract group information from Okta and map it to Roles configured in Germain. To create Roles in Germain, see here.

i) Map Okta user groups from Group Claims Filter

To map Okta groups using the groups claim filter, use the following setting:

    Group claim type: Filter
    Group claim filter: groups   Matches regex   .*

Group Claim Filter for OpenID - Germain UX

ii) Map Active Directory user groups from Group Claims Filter

To map Active Directory groups using the groups claim filter, use the following expression:

    Group claim type: Expression
    Group claim filter: groups   Groups.startsWith("active_directory", "Group_Name", 100)

Group Claim Type and Expression- Germain UX

In Germain

  1. Sign in to your Germain application with your administrator account.

  2. Go to System > System Settings > Root Config (Advanced)

  3. Go to monitoringConfig > systemConfig > authentication.
    In AuthenticationConfig, set the following:

    1. defaultRedirectPath: workspace URL (ex: http://localhost:8080/germainapm/workspace/app)

    2. oauthAuthentication: true

      OAuthAuthentication parameter - Germain UX

  4. Go to System > Auth Settings > Authentication

  5. Click on the Plus button to add a new Authentication Provider

  6. Select OAuth Provider and click next

    Select OAuth provider - Germain UX

  7. Set the provider settings as follows:

    1. Provider Name: Name for your Auth Provider

    2. Client ID: <Client ID Copied from Okta>

    3. Client Secret: <Client Secret Copied from Okta>

    4. Authorization Grant Type: authorization_code

    5. Redirect URI Template: {baseUrl}/login/oauth2/code/{registrationId}

    6. Authorization URI: https://<yourOktaDomain>/oauth2/v1/authorize

    7. Token URI: https://<yourOktaDomain>/oauth2/v1/token

    8. User Info URI: https://<yourOktaDomain>/oauth2/v1/userinfo

    9. JWK Set URI: https://<yourOktaDomain>/oauth2/v1/keys

    10. User Name Attribute: email

    11. JWS Algorithm:

    12. Role List Path: userInfo.claims.groups

    13. Scope values:

      1. openid

      2. profile

      3. email

      4. groups

        Okta Parameters - Germain UX


  8. Click Finish.

  9. Restart the Tomcat service for the changes to take effect.

  10. Once done, the login page should display a Login with Okta option for the OAuth provider.

Login with Okta - Germain UX
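Added example (not part of the original page or of Germain's own code): a small Python helper that derives the step 7 provider settings from an Okta org domain, expands the Redirect URI Template to the exact value Okta must list, previews the groups claim regex filter, resolves the Role List Path over a user object, and flags common configuration mismatches before oauthAuthentication is switched on. The setting key names, the shape of the authenticated-user object behind "userInfo.claims.groups", and full-match semantics for the "Matches regex" filter are assumptions.

```python
import re


def okta_provider_settings(okta_domain, client_id, client_secret):
    """Germain OAuth provider settings from step 7, derived from the Okta org domain (key names assumed)."""
    base = f"https://{okta_domain}/oauth2/v1"
    return {
        "clientId": client_id, "clientSecret": client_secret,
        "authorizationGrantType": "authorization_code",
        "redirectUriTemplate": "{baseUrl}/login/oauth2/code/{registrationId}",
        "authorizationUri": f"{base}/authorize", "tokenUri": f"{base}/token",
        "userInfoUri": f"{base}/userinfo", "jwkSetUri": f"{base}/keys",
        "userNameAttribute": "email", "roleListPath": "userInfo.claims.groups",
        "scopes": ["openid", "profile", "email", "groups"],
    }


def redirect_uri(settings, base_url, registration_id):
    """Expand the template; this exact value must be listed under Okta's Sign-in redirect URIs."""
    return settings["redirectUriTemplate"].format(baseUrl=base_url.rstrip("/"), registrationId=registration_id)


def filter_groups(groups, pattern=".*"):
    """Preview Okta's 'Matches regex' groups claim filter (a full match is assumed here)."""
    rx = re.compile(pattern)
    return sorted(g for g in groups if rx.fullmatch(g))


def roles_from_user(user, role_list_path):
    """Walk the dotted Role List Path over the authenticated-user object (object shape assumed)."""
    node = user
    for key in role_list_path.split("."):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    return list(node) if isinstance(node, list) else []


def check_settings(settings, okta_redirect_uris, base_url):
    """Findings to resolve before enabling oauthAuthentication; an empty list means the settings line up."""
    findings = []
    if redirect_uri(settings, base_url, settings["clientId"]) not in okta_redirect_uris:
        findings.append("redirect URI registered in Okta does not match the Germain template")
    if "openid" not in settings["scopes"]:
        findings.append("openid scope missing: Okta will not issue an ID token")
    if settings["roleListPath"].endswith(".groups") and "groups" not in settings["scopes"]:
        findings.append("Role List Path reads groups but the groups scope is not requested")
    if not base_url.startswith("https://") and "localhost" not in base_url:
        findings.append("non-TLS base URL: the authorization code and session cookie travel in clear text")
    for key in ("authorizationUri", "tokenUri", "userInfoUri", "jwkSetUri"):
        if not settings[key].startswith("https://"):
            findings.append(f"{key} must use https")
    return findings
```

The sample values used to exercise it (the page's example client id, a constructed secret and a constructed user object) stand in for the real values copied from Okta.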

Service: Authentication

Feature Availability: 8.6.0 or later
