Okta User Management
Feature
How to integrate OAuth2 Authentication with Germain using Okta.
Configure
In Okta
1. Sign in to your Okta organization with your administrator account.
2. In the Admin Console, go to Applications > Applications.
3. Select the OpenID Connect (OIDC) or OAuth 2.0 app that needs grants added.
4. Under the General tab, go to the Login section.
5. Modify Sign-in redirect URIs according to the template below:
https://<host>:<port>/login/oauth2/code/<client_id>
ex: http://localhost:8080/login/oauth2/code/0oa7asda8tu9esOGL5d7
Sign-in redirect URIs for OpenID - Germain UX
Note: The Client ID can be found in the Client Credentials section on the same tab.
6. Make a note of the Client ID and Client Secret from the Client Credentials section. We need these two values when we configure the Germain Authentication Provider.

Client ID Secret and Credentials for OpenID - Germain UX
7. Under the Sign On tab, go to the OpenID Connect ID Token section and update the Groups claim filter as below. This allows Germain to extract group information from Okta and map it to Roles configured in Germain. To create Roles in Germain, see here.
i) Map Okta user groups from the Group Claims Filter
To map Okta groups from the user groups filter, use the setting below.
Group claim type: Filter
Group claim filter: groups (claim name), Matches regex (filter), .* (value)
The pattern .* places every group the user belongs to in the claim; a narrower pattern limits the claim to the groups Germain actually maps.

Group Claim Filter for OpenID - Germain UX
ii) Map Active Directory user groups from the Group Claims Filter
To map Active Directory groups from the user groups filter, use the setting below.
Group claim type: Expression
Group claim filter: groups (claim name), Groups.startsWith("active_directory", "Group_Name", 100) (expression)
Here "active_directory" selects groups imported from Active Directory, "Group_Name" is the prefix that a group name must start with to be included, and 100 is the maximum number of groups returned in the claim.

Group Claim Type and Expression- Germain UX
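Okta matches the sign-in redirect URI exactly, and Germain sends the expansion of its Redirect URI Template ({baseUrl}/login/oauth2/code/{registrationId}), so the two values must agree in every component. The following Python is an added example, not code from Germain or Okta: it expands the template for a provider registration and compares a redirect URI with the list registered in step 5 component by component, naming the part that differs. The registered URI list is constructed from the example in step 5; treating the registration id as the Okta Client ID follows the template in that step.

```python
from urllib.parse import urlsplit

# Redirect URI template from the Germain provider settings; {baseUrl} is the
# Germain base URL and {registrationId} the provider registration, which for
# Okta is the application's Client ID (see the template in step 5).
REDIRECT_URI_TEMPLATE = "{baseUrl}/login/oauth2/code/{registrationId}"

# Constructed: the Sign-in redirect URIs registered on the Okta application.
OKTA_REGISTERED_URIS = [
    "http://localhost:8080/login/oauth2/code/0oa7asda8tu9esOGL5d7",
]


def expand_redirect_uri(base_url: str, registration_id: str) -> str:
    """Expand the template for one provider; a trailing slash on the base URL
    is dropped so the path does not become //login/..."""
    return (REDIRECT_URI_TEMPLATE
            .replace("{baseUrl}", base_url.rstrip("/"))
            .replace("{registrationId}", registration_id))


def _components(uri: str) -> dict:
    """Split a URI into the parts that are compared: scheme, host, port, path, query."""
    p = urlsplit(uri)
    return {"scheme": p.scheme, "host": p.hostname, "port": p.port,
            "path": p.path, "query": p.query}


def diagnose_mismatch(candidate: str, registered: str) -> list:
    """Names of the components that differ between two redirect URIs; an empty
    list means an exact match. Ports are compared as written, so http://host and
    http://host:80 count as different, just as a string comparison would treat them."""
    a, b = _components(candidate), _components(registered)
    return [k for k in a if a[k] != b[k]]


def redirect_uri_registered(candidate: str, registered_uris: list) -> bool:
    """True only if the candidate exactly matches one of the registered URIs."""
    return any(not diagnose_mismatch(candidate, r) for r in registered_uris)


if __name__ == "__main__":
    uri = expand_redirect_uri("http://localhost:8080/", "0oa7asda8tu9esOGL5d7")
    print(uri, "registered:", redirect_uri_registered(uri, OKTA_REGISTERED_URIS))
    # Typical near misses after a deployment change: TLS enabled, or a new port.
    for bad in ("https://localhost:8080/login/oauth2/code/0oa7asda8tu9esOGL5d7",
                "http://localhost:8443/login/oauth2/code/0oa7asda8tu9esOGL5d7"):
        print(bad, "differs in", diagnose_mismatch(bad, OKTA_REGISTERED_URIS[0]))
```

When the Germain host, port or scheme changes (for example when TLS is enabled in front of Tomcat), re-run the check against the new base URL and update the Okta entry; the component list tells you exactly which part of the registered URI is stale.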
In Germain
1. Sign in to your Germain application with your administrator account.
2. Go to System > System Settings > Root Config (Advanced).
3. Go to monitoringConfig > systemConfig > authentication.
4. In AuthenticationConfig, set the following:
defaultRedirectPath: workspace URL (ex: http://localhost:8080/germainapm/workspace/app)
oauthAuthentication: true
OAuthAuthentication parameter - Germain UX
5. Go to System > Auth Settings > Authentication.
6. Click the Plus button to add a new Authentication Provider.
7. Select OAuth Provider and click Next.
Select OAuth provider - Germain UX
8. Set the provider settings as below:
Provider Name: a name for your Auth Provider
Client ID: <Client ID copied from Okta>
Client Secret: <Client Secret copied from Okta>
Authorization Grant Type: authorization_code
Redirect URI Template: {baseUrl}/login/oauth2/code/{registrationId}
Authorization URI: https://<yourOktaDomain>/oauth2/v1/authorize
Token URI: https://<yourOktaDomain>/oauth2/v1/token
User Info URI: https://<yourOktaDomain>/oauth2/v1/userinfo
JWK Set URI: https://<yourOktaDomain>/oauth2/v1/keys
User Name Attribute: email
JWS Algorithm:
Role List Path: userInfo.claims.groups
Scope values:
openid
profile
email
groups
Okta Parameters - Germain UX
9. Click Finish.
10. Restart the Tomcat services to make the changes effective.
Once done, the login page should display the "Login with Okta" OAuth provider option.

Login with Okta - Germain UX
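The two Okta group claim filters from the Okta section and the Germain Role List Path (userInfo.claims.groups) from the provider settings, worked through in Python as an added example that is neither Germain's nor Okta's code. It models the Filter / Matches regex setting and the Groups.startsWith expression against a constructed set of a user's groups, builds the userinfo shape Germain reads, resolves the dotted Role List Path, and maps the resulting group names onto roles. The group list, the group-to-role map and the userinfo layout are constructed assumptions, and the regex filter is modelled as a full match of the group name.

```python
import re

# Constructed sample: the groups Okta holds for one user, tagged with the source
# ("okta" = native Okta group, "active_directory" = imported from AD) that the
# Groups.startsWith expression selects on.
USER_GROUPS = [
    {"name": "Everyone", "source": "okta"},
    {"name": "germain-admins", "source": "okta"},
    {"name": "Group_Name-Engineering", "source": "active_directory"},
    {"name": "Group_Name-Operations", "source": "active_directory"},
    {"name": "Finance", "source": "active_directory"},
]

# Constructed: which group names grant which Germain role. A group that is not
# listed here confers nothing, even when the .* filter carries it in the claim.
GROUP_TO_ROLE = {
    "germain-admins": "ADMIN",
    "Group_Name-Engineering": "USER",
}

# The Role List Path from the Germain provider settings.
ROLE_LIST_PATH = "userInfo.claims.groups"


def filter_matches_regex(groups, pattern):
    """Model of claim type Filter with 'Matches regex': group names matching the
    pattern (assumed to be a full match of the name). '.*' keeps every group."""
    rx = re.compile(pattern)
    return [g["name"] for g in groups if rx.fullmatch(g["name"])]


def filter_starts_with(groups, source, prefix, limit):
    """Model of the Expression Groups.startsWith(source, prefix, limit): groups
    from the given source whose name starts with prefix, at most `limit` of them."""
    names = [g["name"] for g in groups
             if g["source"] == source and g["name"].startswith(prefix)]
    return names[:limit]


def build_userinfo(groups):
    """Constructed shape of what Germain reads after the userinfo call, with the
    filtered group names carried in the 'groups' claim."""
    return {"userInfo": {"claims": {"sub": "00u-constructed",
                                    "email": "jane@example.com",
                                    "groups": list(groups)}}}


def lookup_path(obj, path):
    """Resolve a dotted path such as userInfo.claims.groups; None if a key is missing."""
    cur = obj
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def map_roles(userinfo, role_list_path, group_to_role):
    """Roles granted for the group names found at role_list_path (sorted, deduplicated)."""
    groups = lookup_path(userinfo, role_list_path) or []
    return sorted({group_to_role[g] for g in groups if g in group_to_role})


if __name__ == "__main__":
    for label, groups in (
        ("Filter / Matches regex .*", filter_matches_regex(USER_GROUPS, ".*")),
        ("Expression Groups.startsWith",
         filter_starts_with(USER_GROUPS, "active_directory", "Group_Name", 100)),
    ):
        info = build_userinfo(groups)
        print(label, "->", groups, "-> roles", map_roles(info, ROLE_LIST_PATH, GROUP_TO_ROLE))
```

The difference between the two settings is what leaves Okta: with .* every group, including ones Germain never maps, travels in the claim and the explicit mapping on the Germain side is what keeps privileges tight, whereas the startsWith expression narrows the claim at the source. A wrong Role List Path resolves to nothing, so the user signs in with no roles rather than with an error, which is worth checking first when group-based roles do not appear.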
Service: Authentication
Feature Availability: 8.6.0 or later